GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-09-24 06:11:01 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FBEO 232,89GB Running: upzu7788.exe; Driver: C:\Users\samsung\AppData\Local\Temp\pxrirfoc.sys ---- System - GMER 2.1 ---- INT 0x62 ? 86EB6CB8 INT 0x82 ? 86EB6CB8 INT 0x92 ? 86EB6CB8 INT 0xA2 ? 84C23CB8 INT 0xA2 ? 86EB6CB8 INT 0xA2 ? 86EB6CB8 INT 0xA2 ? 86EB6CB8 INT 0xA2 ? 84C23CB8 INT 0xB2 ? 86EB6CB8 ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x836F2FEE] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[744] ntdll.dll!LdrLoadDll 771E9358 5 Bytes JMP 6C29A161 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] ntdll.dll!NtCreateFile 772241C0 5 Bytes JMP 65DB374A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] ntdll.dll!NtFlushBuffersFile 772246C0 5 Bytes JMP 65DB348A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] ntdll.dll!NtQueryFullAttributesFile 77224BF0 5 Bytes JMP 65DB35C2 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] ntdll.dll!NtReadFile 77224E20 5 Bytes JMP 65DB34C4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] ntdll.dll!NtReadFileScatter 77224E30 5 Bytes JMP 6610CB1D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] ntdll.dll!NtWriteFile 77225430 5 Bytes JMP 65DB38EE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] ntdll.dll!NtWriteFileGather 77225440 5 Bytes JMP 6610CB6D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] kernel32.dll!HeapSetInformation + 26 7736A9B8 7 Bytes JMP 65E7DBC1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] kernel32.dll!LockResource + C 77386BD3 7 Bytes JMP 660F510F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] kernel32.dll!VirtualAllocEx + 54 7738B030 7 Bytes JMP 660F5EF6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] USER32.dll!GetWindowInfo 75D2428E 5 Bytes JMP 66BEE1E3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[744] GDI32.dll!Rectangle + AE 75DB7C4F 7 Bytes JMP 660F4981 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4160] ntdll.dll!LdrLoadDll 771E9358 5 Bytes JMP 6C29A161 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4160] USER32.dll!InSendMessageEx + 4C9 75D1E7C8 7 Bytes JMP 66AD13A8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4160] USER32.dll!CreateWindowExW + AA 75D213AF 7 Bytes JMP 66AD147D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4160] USER32.dll!GetWindowInfo 75D2428E 5 Bytes JMP 66AD3769 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4160] USER32.dll!SetMenuItemBitmaps + 71 75D314EE 7 Bytes JMP 66AD1D03 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtCreateFile + 6 772241C6 4 Bytes [28, 80, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtCreateFile + B 772241CB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtCreateKey + 6 77224206 4 Bytes [68, 81, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtCreateKey + B 7722420B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtCreateMutant + 6 77224236 4 Bytes [28, 82, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtCreateMutant + B 7722423B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtCreateSection + 6 772242B6 4 Bytes [68, 82, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtCreateSection + B 772242BB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtMapViewOfSection + 6 77224916 4 Bytes [A8, 84, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtMapViewOfSection + B 7722491B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenFile + 6 772249A6 4 Bytes [68, 80, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenFile + B 772249AB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenKey + 6 772249D6 4 Bytes [A8, 81, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenKey + B 772249DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenMutant + 6 772249F6 4 Bytes CALL 7622507C C:\Windows\system32\CLBCatQ.DLL .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenMutant + B 772249FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenProcess + 6 77224A26 4 Bytes [28, 83, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenProcess + B 77224A2B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenProcessToken + 6 77224A36 4 Bytes [68, 83, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenProcessToken + B 77224A3B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenProcessTokenEx + 6 77224A46 4 Bytes [28, 84, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenProcessTokenEx + B 77224A4B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenSection + 6 77224A56 4 Bytes [A8, 82, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenSection + B 77224A5B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenThread + 6 77224A96 4 Bytes CALL 7622511D C:\Windows\system32\CLBCatQ.DLL .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenThread + B 77224A9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenThreadToken + 6 77224AA6 4 Bytes CALL 7622512E C:\Windows\system32\CLBCatQ.DLL .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenThreadToken + B 77224AAB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenThreadTokenEx + 6 77224AB6 4 Bytes [68, 84, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtOpenThreadTokenEx + B 77224ABB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtQueryAttributesFile + 6 77224B46 4 Bytes [A8, 80, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtQueryAttributesFile + B 77224B4B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtQueryFullAttributesFile + 6 77224BF6 4 Bytes CALL 7622527B C:\Windows\system32\CLBCatQ.DLL .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtQueryFullAttributesFile + B 77224BFB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtSetInformationFile + 6 772250D6 4 Bytes [28, 81, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtSetInformationFile + B 772250DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtSetInformationThread + 6 77225126 4 Bytes [A8, 83, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtSetInformationThread + B 7722512B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtUnmapViewOfSection + 6 772253C6 4 Bytes CALL 76225A4F C:\Windows\system32\CLBCatQ.DLL .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ntdll.dll!NtUnmapViewOfSection + B 772253CB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] kernel32.dll!CreateProcessW 77341BF3 5 Bytes JMP 002700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] kernel32.dll!CreateProcessA 77341C28 5 Bytes JMP 002700F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] kernel32.dll!OpenEventW 7735C033 5 Bytes JMP 00270070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] kernel32.dll!CreateEventW 7738B93E 5 Bytes JMP 00270030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!DeleteObject 75DB5A37 5 Bytes JMP 005F01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetDeviceCaps 75DB617F 5 Bytes JMP 005F03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SelectObject 75DB62A0 5 Bytes JMP 005F05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SetTextColor 75DB666B 5 Bytes JMP 005F0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SetBkMode 75DB6716 5 Bytes JMP 005F08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!DeleteDC 75DB68CD 5 Bytes JMP 005F0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetCurrentObject 75DB6B58 5 Bytes JMP 005F0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SetStretchBltMode 75DB7206 5 Bytes JMP 005F06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SaveDC 75DB754D 5 Bytes JMP 005F0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!RestoreDC 75DB7608 5 Bytes JMP 005F0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!StretchDIBits 75DB783D 5 Bytes JMP 005F0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!ExtSelectClipRgn 75DB7966 5 Bytes JMP 005F02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SelectClipRgn 75DB7A67 5 Bytes JMP 005F05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!Rectangle 75DB7BA1 5 Bytes JMP 005F09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetTextAlign 75DB8180 5 Bytes JMP 005F0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SetTextAlign 75DB846B 5 Bytes JMP 005F09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!ExtTextOutW 75DB8501 5 Bytes JMP 005F0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!MoveToEx 75DB8806 5 Bytes JMP 005F0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetTextMetricsW 75DB8A3E 5 Bytes JMP 005F0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!IntersectClipRect 75DB8B21 5 Bytes JMP 005F03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetClipBox 75DB902E 5 Bytes JMP 005F0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SetICMMode 75DB94A4 5 Bytes JMP 005F0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!CreateDCW 75DBA8D5 5 Bytes JMP 005F00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!CreateDCA 75DBAA01 5 Bytes JMP 005F00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!CreateICW 75DBB2A1 5 Bytes JMP 005F0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetTextFaceW 75DBB5EF 5 Bytes JMP 005F0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetFontData 75DBBA24 5 Bytes JMP 005F0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetTextExtentPoint32W 75DBBFD2 5 Bytes JMP 005F0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SetWorldTransform 75DBC422 5 Bytes JMP 005F06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!LineTo 75DBC616 5 Bytes JMP 005F0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetTextMetricsA 75DBCCA3 5 Bytes JMP 005F0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!ExtTextOutA 75DC0141 5 Bytes JMP 005F0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!ExtEscape 75DC224F 5 Bytes JMP 005F02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!Escape 75DC2799 5 Bytes JMP 005F0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!ResetDCW 75DC30DA 5 Bytes JMP 005F0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!EndPage 75DC3706 5 Bytes JMP 005F0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SetPolyFillMode 75DC617B 5 Bytes JMP 005F0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SetMiterLimit 75DC628A 5 Bytes JMP 005F0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetTextFaceA 75DCF596 5 Bytes JMP 005F0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetTextExtentPoint32A 75DCF90A 5 Bytes JMP 005F0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!GetGlyphOutlineW 75DDA5F7 5 Bytes JMP 005F0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!CreateScalableFontResourceW 75DDCA53 5 Bytes JMP 005F0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!AddFontResourceW 75DDCE5B 5 Bytes JMP 005F0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!RemoveFontResourceW 75DDD2F1 5 Bytes JMP 005F0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!AbortDoc 75DE2FC8 5 Bytes JMP 005F0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!EndDoc 75DE33DC 5 Bytes JMP 005F01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!StartPage 75DE34C7 5 Bytes JMP 005F0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!StartDocW 75DE3FAB 5 Bytes JMP 005F07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!BeginPath 75DE4765 5 Bytes JMP 005F0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!SelectClipPath 75DE47BC 5 Bytes JMP 005F0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!CloseFigure 75DE4817 5 Bytes JMP 005F0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!EndPath 75DE486E 5 Bytes JMP 005F0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!StrokePath 75DE4AA0 5 Bytes JMP 005F07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!FillPath 75DE4B2C 5 Bytes JMP 005F0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!PolylineTo 75DE4F95 5 Bytes JMP 005F04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!PolyBezierTo 75DE5025 5 Bytes JMP 005F04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] GDI32.dll!PolyDraw 75DE50D6 5 Bytes JMP 005F08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!SetCursor 75D1D37D 5 Bytes JMP 00600530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!RegisterClipboardFormatW 75D1D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!RegisterClipboardFormatW 75D1D6AC 5 Bytes JMP 006002B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!ActivateKeyboardLayout 75D2478C 5 Bytes JMP 006004F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!IsWindowVisible 75D2878A 7 Bytes JMP 006006B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!MonitorFromWindow 75D288D4 7 Bytes JMP 00600630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!ScreenToClient 75D28C56 7 Bytes JMP 00600670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetClientRect 75D28F0D 7 Bytes JMP 006005B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetParent 75D290AA 7 Bytes JMP 006006F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!RegisterClipboardFormatA 75D2A111 5 Bytes JMP 006002F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!PostMessageW 75D2A175 5 Bytes JMP 006005F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!MapWindowPoints 75D2A30D 5 Bytes JMP 00600570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetClipboardFormatNameA 75D2A552 5 Bytes JMP 00600270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetOpenClipboardWindow 75D326A6 5 Bytes JMP 006003F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!SetClipboardViewer 75D3BA2D 5 Bytes JMP 006004B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!IsClipboardFormatAvailable 75D3C2E3 5 Bytes JMP 006000F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!CloseClipboard 75D3C2F7 5 Bytes JMP 006000B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!OpenClipboard 75D3C31D 5 Bytes JMP 00600070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetTopWindow 75D3CE0A 7 Bytes JMP 00600730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetClipboardSequenceNumber 75D3D8B7 5 Bytes JMP 00600330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!ChangeClipboardChain 75D3DF83 5 Bytes JMP 00600430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!CountClipboardFormats 75D40048 5 Bytes JMP 006001F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetClipboardOwner 75D426EF 5 Bytes JMP 00600370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!SetClipboardData 75D56410 5 Bytes JMP 00600170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!EnumClipboardFormats 75D56D16 5 Bytes JMP 006001B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!SetCursorPos 75D56FB2 5 Bytes JMP 00600770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetClipboardData 75D5715A 5 Bytes JMP 00600030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetClipboardFormatNameW 75D5A99F 5 Bytes JMP 00600230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!EmptyClipboard 75D7398B 5 Bytes JMP 00600130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetClipboardViewer 75D739ED 5 Bytes JMP 00600470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] USER32.dll!GetPriorityClipboardFormat 75D73AEF 5 Bytes JMP 006003B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ole32.dll!OleGetClipboard 761173D9 5 Bytes JMP 006100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ole32.dll!OleSetClipboard 761410B7 5 Bytes JMP 00610030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] ole32.dll!OleIsCurrentClipboard 7614A8E1 5 Bytes JMP 00610070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!FreeContextBuffer 75712D83 5 Bytes JMP 006300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!DeleteSecurityContext 75712F18 5 Bytes JMP 00630270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!FreeCredentialsHandle 75713598 5 Bytes JMP 00630130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!EncryptMessage 75713745 5 Bytes JMP 006301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!DecryptMessage 75713813 5 Bytes JMP 00630230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!InitializeSecurityContextA 757187DF 5 Bytes JMP 00630170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!AcquireCredentialsHandleA 75718A43 5 Bytes JMP 00630030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!QueryContextAttributesA 75718E77 5 Bytes JMP 00630070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!ApplyControlToken 7571DE4F 5 Bytes JMP 006301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe[4280] Secur32.dll!QueryCredentialsAttributesA 7571E052 5 Bytes JMP 006300B0 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74007817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7405A6CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7400BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FFF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FFE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74038305] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7400DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FFFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FFFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FF71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7408CC10] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7402C840] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FFD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FF6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FF687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74002AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19466_none_9e569fe0ca125e1d\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 84C271F8 Device \Driver\netbt \Device\NetBT_Tcpip_{A1A2AB03-9A27-44EB-87AA-7A22AB47E15B} 876EF1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys Device \Driver\usbuhci \Device\USBPDO-0 870B41F8 Device \Driver\usbuhci \Device\USBPDO-1 870B41F8 Device \Driver\usbuhci \Device\USBPDO-2 870B41F8 Device \Driver\usbehci \Device\USBPDO-3 86FA31F8 Device \Driver\usbuhci \Device\USBPDO-4 870B41F8 Device \Driver\usbuhci \Device\USBPDO-5 870B41F8 Device \Driver\usbuhci \Device\USBPDO-6 870B41F8 Device \Driver\usbehci \Device\USBPDO-7 86FA31F8 Device \Driver\cdrom \Device\CdRom0 86FA11F8 Device \Driver\iaStor \Device\Ide\iaStor0 [884A9860] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [884A9860] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [884A9860] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\netbt \Device\NetBT_Tcpip_{4381697F-A5FA-46A8-A6E7-B0FFEFF08004} 876EF1F8 Device \Driver\USBSTOR \Device\00000069 86EF71F8 Device \Driver\netbt \Device\NetBt_Wins_Export 876EF1F8 Device \Driver\Smb \Device\NetbiosSmb 877DA1F8 Device \Driver\iScsiPrt \Device\RaidPort0 870891F8 Device \Driver\USBSTOR \Device\0000006a 86EF71F8 Device \Driver\usbuhci \Device\USBFDO-0 870B41F8 Device \Driver\USBSTOR \Device\0000006c 86EF71F8 Device \Driver\USBSTOR \Device\0000006d 86EF71F8 Device \Driver\usbuhci \Device\USBFDO-1 870B41F8 Device \Driver\usbuhci \Device\USBFDO-2 870B41F8 Device \Driver\usbehci \Device\USBFDO-3 86FA31F8 Device \Driver\usbuhci \Device\USBFDO-4 870B41F8 Device \Driver\usbuhci \Device\USBFDO-5 870B41F8 Device \Driver\usbuhci \Device\USBFDO-6 870B41F8 Device \Driver\usbehci \Device\USBFDO-7 86FA31F8 Device \FileSystem\cdfs \Cdfs 84E10440 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f37b91 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5d89c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cdd0c4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x81 0x9C 0x00 0x68 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x55 0x78 0x11 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7C 0xA8 0x08 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5A 0x21 0xE3 0xA0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC5 0xB7 0x27 0x1A ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x81 0x9C 0x00 0x68 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x55 0x78 0x11 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7C 0xA8 0x08 0x60 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5A 0x21 0xE3 0xA0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC5 0xB7 0x27 0x1A ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.lic 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\Common Files\Vbox\Licenses\CorelDRAW\xae Graphics Suite_11_D639.prf 2 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----