GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-27 15:45:40 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK2555GSX rev.FG001M 232,89GB Running: dwmpqj28.exe; Driver: C:\Users\martyna\AppData\Local\Temp\fxloypow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackComplete + 1441 82C8DE95 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC7522 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[472] services.exe 00211608 4 Bytes [E0, 2B, 75, 72] {LOOPNZ 0x2d; JNZ 0x76} .text C:\Windows\system32\services.exe[472] services.exe 00211618 4 Bytes [00, 2E, 75, 72] {ADD [ESI], CH; JNZ 0x76} .text C:\Windows\system32\services.exe[472] services.exe 00211624 4 Bytes [10, 31, 75, 72] {ADC [ECX], DH; JNZ 0x76} .text C:\Windows\system32\services.exe[472] services.exe 00211638 4 Bytes [30, 2B, 75, 72] {XOR [EBX], CH; JNZ 0x76} .text C:\Windows\system32\services.exe[472] services.exe 00211648 4 Bytes [90, 2C, 75, 72] .text ... .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] ntdll.dll!NtCreateFile 772E55E8 5 Bytes JMP 60409C03 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] ntdll.dll!NtFlushBuffersFile 772E5978 5 Bytes JMP 6040990B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] ntdll.dll!NtQueryFullAttributesFile 772E6008 5 Bytes JMP 604099C0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] ntdll.dll!NtReadFile 772E62D8 5 Bytes JMP 60409ACD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] ntdll.dll!NtReadFileScatter 772E62E8 5 Bytes JMP 607D8C27 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] ntdll.dll!NtWriteFile 772E6A88 5 Bytes JMP 60409DA7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] ntdll.dll!NtWriteFileGather 772E6A98 5 Bytes JMP 607D8C77 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] ntdll.dll!LdrLoadDll 773022BE 5 Bytes JMP 7114902C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] kernel32.dll!CopyFileExW 7567B348 6 Bytes JMP 71AF000A .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] kernel32.dll!MoveFileWithProgressW 75688E9C 6 Bytes JMP 71A8000A .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 756894E6 7 Bytes JMP 607C2714 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] kernel32.dll!QueryPerformanceCounter + 13 7568C4E5 7 Bytes JMP 607C4641 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] kernel32.dll!LoadAppInitDlls + 355 7568F5A6 7 Bytes JMP 60564050 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] kernel32.dll!MoveFileWithProgressA 756A4050 6 Bytes JMP 71A5000A .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] USER32.dll!GetWindowInfo 75BE4B5E 5 Bytes JMP 611AC048 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4196] GDI32.dll!GetViewportOrgEx + 26C 7635884B 7 Bytes JMP 607C0C8F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4276] USER32.dll!RegisterMessagePumpHook + 2F1 75BD8B9E 7 Bytes JMP 61097E77 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4276] USER32.dll!IsDialogMessageW + 340 75BE4444 7 Bytes JMP 61097F4C C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4276] USER32.dll!GetWindowInfo 75BE4B5E 5 Bytes JMP 6109A228 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4276] USER32.dll!ToUnicodeEx + 71 75BF2223 7 Bytes JMP 6109881B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtCreateFile + 6 772E55EE 4 Bytes [28, C8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtCreateFile + B 772E55F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtCreateKey + 6 772E562E 4 Bytes [68, C9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtCreateKey + B 772E5633 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtCreateMutant + 6 772E566E 4 Bytes [68, CA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtCreateMutant + B 772E5673 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtCreateSection + 6 772E570E 4 Bytes [A8, CA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtCreateSection + B 772E5713 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtMapViewOfSection + B 772E5C53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenFile + 6 772E5CFE 4 Bytes [68, C8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenFile + B 772E5D03 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenKey + 6 772E5D2E 4 Bytes [A8, C9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenKey + B 772E5D33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenKeyEx + B 772E5D43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenMutant + 6 772E5D7E 4 Bytes [28, CA, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenMutant + B 772E5D83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenProcess + 6 772E5DAE 4 Bytes [68, CB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenProcess + B 772E5DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenProcessToken + 6 772E5DBE 4 Bytes [A8, CB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenProcessToken + B 772E5DC3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenProcessTokenEx + 6 772E5DCE 4 Bytes [68, CC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenProcessTokenEx + B 772E5DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenSection + B 772E5DF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenThread + 6 772E5E2E 4 Bytes [28, CB, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenThread + B 772E5E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenThreadToken + 6 772E5E3E 4 Bytes [28, CC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenThreadToken + B 772E5E43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenThreadTokenEx + 6 772E5E4E 4 Bytes [A8, CC, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtOpenThreadTokenEx + B 772E5E53 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtQueryAttributesFile + 6 772E5F5E 4 Bytes [A8, C8, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtQueryAttributesFile + B 772E5F63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtQueryFullAttributesFile + B 772E6013 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtSetInformationFile + 6 772E665E 4 Bytes [28, C9, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtSetInformationFile + B 772E6663 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtSetInformationThread + B 772E66C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtUnmapViewOfSection + 6 772E69DE 4 Bytes [28, CD, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ntdll.dll!NtUnmapViewOfSection + B 772E69E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] kernel32.dll!CreateProcessW 7564204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] kernel32.dll!CreateProcessA 75642082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!ActivateKeyboardLayout 75BD8203 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!ScreenToClient 75BDA506 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!RegisterClipboardFormatA 75BDC091 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!RegisterClipboardFormatW 75BDDF8D 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!SetCursor 75BE3075 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!MonitorFromWindow 75BE3622 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!PostMessageW 75BE447B 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!IsWindowVisible 75BE4D69 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetClientRect 75BE54DD 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!MapWindowPoints 75BE5CAA 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetParent 75BE6029 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!EmptyClipboard 75BF290C 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!SetClipboardData 75BF2962 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetClipboardData 75BF2BA7 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetClipboardFormatNameW 75BF5FD2 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!SetClipboardViewer 75BF6FF6 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetClipboardFormatNameA 75BF700A 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!ChangeClipboardChain 75C0147C 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetTopWindow 75C024D9 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!CloseClipboard 75C0446C 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!OpenClipboard 75C0447E 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!IsClipboardFormatAvailable 75C044FF 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetClipboardSequenceNumber 75C04513 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetClipboardOwner 75C04525 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!CountClipboardFormats 75C0470A 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!EnumClipboardFormats 75C047EC 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetOpenClipboardWindow 75C0480B 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!SetCursorPos 75C1C1B0 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetClipboardViewer 75C34AF7 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] user32.DLL!GetPriorityClipboardFormat 75C34BF9 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!DeleteObject 76355F14 5 Bytes JMP 001101B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SelectObject 76356640 5 Bytes JMP 001105F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SetTextColor 76356906 5 Bytes JMP 00110A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SetBkMode 763569B1 5 Bytes JMP 001108F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!DeleteDC 76356EAA 5 Bytes JMP 00110170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetDeviceCaps 76356F7F 5 Bytes JMP 001103B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!ExtSelectClipRgn 76357114 5 Bytes JMP 001102F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SelectClipRgn 76357242 5 Bytes JMP 001105B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SetStretchBltMode 76357705 5 Bytes JMP 001106B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetCurrentObject 76357917 5 Bytes JMP 00110370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetTextMetricsW 76357B8F 5 Bytes JMP 00110E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetTextAlign 76357DAF 5 Bytes JMP 00110D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!IntersectClipRect 76357DFE 5 Bytes JMP 001103F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!ExtTextOutW 76358192 5 Bytes JMP 00110970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SetTextAlign 7635828E 5 Bytes JMP 001109F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetClipBox 76358525 5 Bytes JMP 00110330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!MoveToEx 76358C21 5 Bytes JMP 00110470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!StretchDIBits 7635A53E 5 Bytes JMP 00110770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!RestoreDC 7635A67B 5 Bytes JMP 00110530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SaveDC 7635A74B 5 Bytes JMP 00110570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetTextExtentPoint32W 7635B4B5 5 Bytes JMP 00110670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetTextFaceW 7635B73A 2 Bytes JMP 00110D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetTextFaceW + 3 7635B73D 2 Bytes [DB, 89] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetFontData 7635BCC4 5 Bytes JMP 00110C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SetWorldTransform 7635C90A 5 Bytes JMP 001106F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!CreateDCA 7635CCA9 5 Bytes JMP 001100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!CreateDCW 7635CF79 5 Bytes JMP 001100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!CreateICW 7635CFD0 5 Bytes JMP 00110130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetTextMetricsA 7635D0F2 5 Bytes JMP 00110DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!Rectangle 7635F1FF 5 Bytes JMP 001109B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!LineTo 7635F59B 5 Bytes JMP 00110430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SetICMMode 7635FAA4 5 Bytes JMP 00110DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!ExtTextOutA 76360D20 5 Bytes JMP 00110930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetTextExtentPoint32A 7636117F 5 Bytes JMP 00110630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!ExtEscape 76362D49 5 Bytes JMP 001102B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!Escape 76363400 5 Bytes JMP 00110270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!ResetDCW 76363A9B 5 Bytes JMP 00110AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!EndPage 763640DA 5 Bytes JMP 00110230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SetPolyFillMode 763667E1 5 Bytes JMP 00110B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SetMiterLimit 7636699D 5 Bytes JMP 00110B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetTextFaceA 76370D22 5 Bytes JMP 00110CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!GetGlyphOutlineW 7637C2DA 5 Bytes JMP 00110CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!CreateScalableFontResourceW 7637E937 5 Bytes JMP 00110BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!AddFontResourceW 7637ED33 5 Bytes JMP 00110BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!RemoveFontResourceW 7637F229 5 Bytes JMP 00110C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!AbortDoc 76384E29 5 Bytes JMP 00110030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!EndDoc 76385270 5 Bytes JMP 001101F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!StartPage 7638535B 5 Bytes JMP 00110730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!StartDocW 76385D76 5 Bytes JMP 001107F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!BeginPath 7638651D 5 Bytes JMP 00110830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!SelectClipPath 76386574 5 Bytes JMP 00110AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!CloseFigure 763865CF 5 Bytes JMP 00110070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!EndPath 76386626 5 Bytes JMP 00110A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!StrokePath 76386859 5 Bytes JMP 001107B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!FillPath 763868E6 5 Bytes JMP 00110870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!PolylineTo 76386D54 5 Bytes JMP 001104F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!PolyBezierTo 76386DE5 5 Bytes JMP 001104B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] GDI32.dll!PolyDraw 76386E97 5 Bytes JMP 001108B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ole32.dll!OleSetClipboard 761B0045 5 Bytes JMP 00130030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ole32.dll!OleIsCurrentClipboard 761B36B2 5 Bytes JMP 00130070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe[5524] ole32.dll!OleGetClipboard 761DFDCD 5 Bytes JMP 001300B0 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2992] @ C:\Windows\Explorer.EXE [USER32.dll!MoveWindow] [744C18C0] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\Windows\Explorer.EXE[2992] @ C:\Windows\Explorer.EXE [USER32.dll!SetWindowPos] [744C1A10] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\Windows\Explorer.EXE[2992] @ C:\Windows\Explorer.EXE [USER32.dll!EndPaint] [744C1CE0] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll IAT C:\Windows\Explorer.EXE[2992] @ C:\Windows\Explorer.EXE [USER32.dll!DeferWindowPos] [744C1B60] C:\Program Files\Elex-tech\YAC\iDskDllPatch.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{108C3841-21A3-11E4-82B1-806E6F6E6963} 2099556872 ---- EOF - GMER 2.1 ----