GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-05 16:00:26 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB Running: vh0cfc4v.exe; Driver: C:\Users\Win7\AppData\Local\Temp\aftcyaod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8C631AD6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x8C6EE83C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8C6325B4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x8C63E6B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8C63E704] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8C63E89E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x8C63E626] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x8C6EEC16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8C63E66E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x8C6EEEA6] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x8C6EEF90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x8C63E858] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8C6333A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8C631B3C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x8C6EF094] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x8C6EE914] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x8C6EBAA4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8C6EECF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8C631BA2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8C636FE8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8C633EE6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x8C63E6E2] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8C63E726] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8C63E8C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x8C63E64C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x8C6364EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x8C63E7D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8C63E696] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x8C6368D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x8C63E87C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8C6EEA94] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x8C633CFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8C633A0C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8C631C08] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8C631C6E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x8C6EEDF2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8C6317C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8C631994] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8C631922] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8C63356C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x8C6336CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8C631A1C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x8C6EEB62] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x8C6331FC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x8C6EBAD4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x8C631CD4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x8C6EE9C6] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestPort + 14AD 8228DBB5 1 Byte [06] .text 
ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822C7B92 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 822CEF90 4 Bytes [D6, 1A, 63, 8C] {SALC ; SBB AH, [EBX-0x74]} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 822CEFB8 4 Bytes [3C, E8, 6E, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 822CF018 4 Bytes [B4, 25, 63, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 822CF06C 8 Bytes [B8, E6, 63, 8C, 04, E7, 63, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 822CF078 4 Bytes CALL DC587CE0 .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1424] kernel32.dll!SetUnhandledExceptionFilter 7691F5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1544] kernel32.dll!SetUnhandledExceptionFilter 7691F5FB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtCreateFile + 6 77C85626 4 Bytes [28, 00, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtCreateFile + B 77C8562B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtCreateKey + 6 77C85666 4 Bytes [68, 01, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtCreateKey + B 77C8566B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtCreateMutant + 6 77C856A6 4 Bytes [68, 02, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtCreateMutant + B 77C856AB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtCreateSection + 6 77C85746 4 Bytes [A8, 02, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtCreateSection + B 77C8574B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtMapViewOfSection + 6 77C85C86 4 Bytes CALL 76C8638F C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtMapViewOfSection + B 77C85C8B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenFile + 6 77C85D36 4 Bytes [68, 00, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenFile + B 77C85D3B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenKey + 6 77C85D66 4 Bytes [A8, 01, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenKey + B 77C85D6B 1 Byte [E2] .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenKeyEx + 6 77C85D76 4 Bytes CALL 76C8647C C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenKeyEx + B 77C85D7B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenMutant + 6 77C85DB6 4 Bytes [28, 02, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenMutant + B 77C85DBB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenProcess + 6 77C85DE6 1 Byte [68] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenProcess + 6 77C85DE6 4 Bytes [68, 03, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenProcess + B 77C85DEB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenProcessToken + 6 77C85DF6 1 Byte [A8] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenProcessToken + 6 77C85DF6 4 Bytes [A8, 03, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenProcessToken + B 77C85DFB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenProcessTokenEx + 6 77C85E06 4 Bytes [68, 04, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenProcessTokenEx + B 77C85E0B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenSection + 6 77C85E26 4 Bytes CALL 76C8652D C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenSection + B 77C85E2B 1 Byte [E2] .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenThread + 6 77C85E66 1 Byte [28] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenThread + 6 77C85E66 4 Bytes [28, 03, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenThread + B 77C85E6B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenThreadToken + 6 77C85E76 4 Bytes [28, 04, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenThreadToken + B 77C85E7B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E86 4 Bytes [A8, 04, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtOpenThreadTokenEx + B 77C85E8B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtQueryAttributesFile + 6 77C85F96 4 Bytes [A8, 00, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtQueryAttributesFile + B 77C85F9B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtQueryFullAttributesFile + 6 77C86046 4 Bytes CALL 76C8674B C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtQueryFullAttributesFile + B 77C8604B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtSetInformationFile + 6 77C86696 4 Bytes [28, 01, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtSetInformationFile + B 77C8669B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtSetInformationThread + 6 77C866F6 1 Byte [E8] .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtSetInformationThread + 6 77C866F6 4 Bytes CALL 76C86DFE C:\windows\system32\SHELL32.dll .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtSetInformationThread + B 77C866FB 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtUnmapViewOfSection + 6 77C86A16 4 Bytes [28, 05, 07, 00] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ntdll.dll!NtUnmapViewOfSection + B 77C86A1B 1 Byte [E2] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] kernel32.dll!CreateProcessW 768D204D 5 Bytes JMP 00080030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] kernel32.dll!CreateProcessA 768D2082 5 Bytes JMP 00080070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!ActivateKeyboardLayout 77748203 5 Bytes JMP 000C04F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!ScreenToClient 7774A506 7 Bytes JMP 000C0670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!RegisterClipboardFormatA 7774C091 5 Bytes JMP 000C02F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!RegisterClipboardFormatW 7774DF8D 5 Bytes JMP 000C02B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!SetCursor 77753075 5 Bytes JMP 000C0530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!MonitorFromWindow 77753622 7 Bytes JMP 000C0630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!PostMessageW 7775447B 5 Bytes JMP 000C05F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!IsWindowVisible 77754D69 7 Bytes JMP 000C06B0 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetClientRect 777554DD 7 Bytes JMP 000C05B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!MapWindowPoints 77755CAA 5 Bytes JMP 000C0570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetParent 77756029 7 Bytes JMP 000C06F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!EmptyClipboard 7776290C 5 Bytes JMP 000C0130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!SetClipboardData 77762962 5 Bytes JMP 000C0170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetClipboardData 77762BA7 5 Bytes JMP 000C0030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetClipboardFormatNameW 77765FD2 5 Bytes JMP 000C0230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!SetClipboardViewer 77766FF6 5 Bytes JMP 000C04B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetClipboardFormatNameA 7776700A 5 Bytes JMP 000C0270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!ChangeClipboardChain 7777147C 5 Bytes JMP 000C0430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetTopWindow 777724D9 7 Bytes JMP 000C0730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!CloseClipboard 7777446C 5 Bytes JMP 000C00B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!OpenClipboard 7777447E 5 Bytes JMP 000C0070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!IsClipboardFormatAvailable 777744FF 5 Bytes JMP 000C00F0 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetClipboardSequenceNumber 77774513 5 Bytes JMP 000C0330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetClipboardOwner 77774525 5 Bytes JMP 000C0370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!CountClipboardFormats 7777470A 5 Bytes JMP 000C01F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!EnumClipboardFormats 777747EC 5 Bytes JMP 000C01B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetOpenClipboardWindow 7777480B 5 Bytes JMP 000C03F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!SetCursorPos 7778C1B0 5 Bytes JMP 000C0770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetClipboardViewer 777A4AF7 5 Bytes JMP 000C0470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] user32.DLL!GetPriorityClipboardFormat 777A4BF9 5 Bytes JMP 000C03B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!DeleteObject 776F5F14 5 Bytes JMP 002401B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SelectObject 776F6640 5 Bytes JMP 002405F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SetTextColor 776F6906 5 Bytes JMP 00240A30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SetBkMode 776F69B1 5 Bytes JMP 002408F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!DeleteDC 776F6EAA 5 Bytes JMP 00240170 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetDeviceCaps 776F6F7F 5 Bytes JMP 002403B0 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!ExtSelectClipRgn 776F7114 5 Bytes JMP 002402F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SelectClipRgn 776F7242 5 Bytes JMP 002405B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetCurrentObject 776F782B 5 Bytes JMP 00240370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SetStretchBltMode 776F7872 5 Bytes JMP 002406B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetTextMetricsW 776F7B1F 5 Bytes JMP 00240E30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetTextAlign 776F7D3F 5 Bytes JMP 00240D70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!IntersectClipRect 776F7D8E 5 Bytes JMP 002403F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!ExtTextOutW 776F8122 5 Bytes JMP 00240970 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SetTextAlign 776F821E 5 Bytes JMP 002409F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetClipBox 776F84B5 5 Bytes JMP 00240330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!MoveToEx 776F8BB1 5 Bytes JMP 00240470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!StretchDIBits 776FA204 5 Bytes JMP 00240770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!RestoreDC 776FA341 5 Bytes JMP 00240530 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SaveDC 776FA411 5 Bytes JMP 00240570 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetTextExtentPoint32W 776FB17D 5 Bytes JMP 
00240670 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetTextFaceW 776FB402 5 Bytes JMP 00240D30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetFontData 776FB98C 5 Bytes JMP 00240C70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!CreateDCA 776FBDC9 5 Bytes JMP 002400B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!CreateDCW 776FC099 5 Bytes JMP 002400F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!CreateICW 776FC0F0 5 Bytes JMP 00240130 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SetWorldTransform 776FCD04 5 Bytes JMP 002406F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetTextMetricsA 776FD328 5 Bytes JMP 00240DF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!Rectangle 776FF1BD 5 Bytes JMP 002409B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!LineTo 776FF559 5 Bytes JMP 00240430 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SetICMMode 776FFA62 5 Bytes JMP 00240DB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!ExtTextOutA 77700CDE 5 Bytes JMP 00240930 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetTextExtentPoint32A 7770113D 5 Bytes JMP 00240630 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!ExtEscape 77702D09 5 Bytes JMP 002402B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!Escape 777033C0 5 Bytes JMP 00240270 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!ResetDCW 77703A5B 5 Bytes JMP 00240AB0 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!EndPage 7770409A 5 Bytes JMP 00240230 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SetPolyFillMode 77706741 5 Bytes JMP 00240B30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SetMiterLimit 777068FD 5 Bytes JMP 00240B70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetTextFaceA 77710C82 5 Bytes JMP 00240CF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!GetGlyphOutlineW 7771C39A 5 Bytes JMP 00240CB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!CreateScalableFontResourceW 7771E9F7 5 Bytes JMP 00240BB0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!AddFontResourceW 7771EDF3 5 Bytes JMP 00240BF0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!RemoveFontResourceW 7771F2E9 5 Bytes JMP 00240C30 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!AbortDoc 77724F9B 5 Bytes JMP 00240030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!EndDoc 777253E2 5 Bytes JMP 002401F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!StartPage 777254CD 5 Bytes JMP 00240730 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!StartDocW 77725EE8 5 Bytes JMP 002407F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!BeginPath 77726695 5 Bytes JMP 00240830 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SelectClipPath 777266EC 1 Byte [E9] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!SelectClipPath 777266EC 5 Bytes JMP 00240AF0 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!CloseFigure 77726747 5 Bytes JMP 00240070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!EndPath 7772679E 5 Bytes JMP 00240A70 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!StrokePath 777269D1 5 Bytes JMP 002407B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!FillPath 77726A5E 5 Bytes JMP 00240870 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!PolylineTo 77726ECC 5 Bytes JMP 002404F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!PolyBezierTo 77726F5D 5 Bytes JMP 002404B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] GDI32.dll!PolyDraw 7772700F 5 Bytes JMP 002408B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ole32.dll!OleSetClipboard 76560225 5 Bytes JMP 00260030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ole32.dll!OleIsCurrentClipboard 765636A6 5 Bytes JMP 00260070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe[2152] ole32.dll!OleGetClipboard 7658FDBD 5 Bytes JMP 002600B0 ? C:\Program Files\Common Files\Java\Java Update\jusched.exe[2704] C:\windows\system32\advapi32.DLL IMAGE_DOS_SIGNATURE not found; ? 
C:\Program Files\Common Files\Java\Java Update\jusched.exe[2704] C:\windows\system32\USERENV.dll IMAGE_DOS_SIGNATURE not found; .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtCreateFile 77C85620 5 Bytes JMP 5E92858B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtFlushBuffersFile 77C859B0 5 Bytes JMP 5E9282CB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtQueryFullAttributesFile 77C86040 5 Bytes JMP 5E928403 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtReadFile 77C86310 5 Bytes JMP 5E928305 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtReadFileScatter 77C86320 5 Bytes JMP 5EF1D167 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtWriteFile 77C86AC0 5 Bytes JMP 5E92872F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!NtWriteFileGather 77C86AD0 5 Bytes JMP 5EF1D1B7 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!LdrUnloadDll 77C9CB1E 5 Bytes JMP 000E03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] ntdll.dll!LdrLoadDll 77CA24C6 5 Bytes JMP 6BC68F8C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 7691952E 7 Bytes JMP 5EF04A22 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] KERNEL32.dll!QueryPerformanceCounter + 13 7691C535 7 Bytes JMP 5EF05B9E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] KERNEL32.dll!LoadAppInitDlls + 355 7691F5F6 7 Bytes JMP 5EC8C75E C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program 
Files\Mozilla Firefox\firefox.exe[3408] USER32.dll!GetWindowInfo 77754B5E 5 Bytes JMP 5F98CEEB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3408] GDI32.dll!GetViewportOrgEx + 26C 776F87DB 7 Bytes JMP 5EF041B3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5864] ntdll.dll!LdrLoadDll 77CA24C6 5 Bytes JMP 6BC68F8C C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5864] USER32.dll!RegisterMessagePumpHook + 2F1 77748B9E 7 Bytes JMP 5F86CBB4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5864] USER32.dll!IsDialogMessageW + 340 77754444 7 Bytes JMP 5F86CC89 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5864] USER32.dll!GetWindowInfo 77754B5E 5 Bytes JMP 5F86EFE6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5864] USER32.dll!ToUnicodeEx + 71 77762223 7 Bytes JMP 5F86D558 C:\Program Files\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d93418 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d93418 (not active ControlSet) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Diagtrack@LastHeartBeatTime 0xD3 0xAE 0x3A 0x07 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe 0x57 0x79 0xDC 0xD7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ASUS\AsusVibe\AsusVibe2.0.exe 0xF7 0x21 0xBB 0xE2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ASUS\LiveUpdate\EeeStorageCommander.exe 0xFD 0x3B 0x14 0xF5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0x0D 0x0A 0xB0 0xF6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x43 0xA2 0x4A 0xB0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0xEB 0x97 0x82 0x22 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe 0x77 0x1B 0xAA 0xA1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 0xE1 0xAF 0x1A 0x24 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0xEF 0xC3 0x51 0x91 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\VshareComplete\FireFoxExtension.exe 0x1F 0x9C 0x74 0x4A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\VshareComplete\InstTracker.exe 0xF6 0xCD 0x8B 0x4A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTel\wicainventory.exe 0x9B 0x05 0xB1 0xD0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xD0 0xD2 0xE5 0xB0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x26 0x89 0x22 0x3B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\GWX\GWXConfigManager.exe 0x02 0xE4 0x3A 0x1B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0xC4 0xA0 0x79 0x54 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x5F 0x05 0x4B 0x3D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x24 0x3C 0xCE 0xC6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@8FA4B421 1574 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 948 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1 ---- Files - GMER 2.1 ---- File C:\Windows\Temp\_avast_\ws0FCFF8D8.dat 0 bytes File C:\Windows\Temp\_avast_\ws0FF6A320.dat 0 bytes File C:\Windows\Temp\_avast_\ws0FF6A438.dat 0 bytes File C:\Windows\Temp\_avast_\ws0FF6A898.dat 0 bytes ---- EOF - GMER 2.1 ----