GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-08-03 12:29:48 Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4 ST3500418AS rev.CC38 465,76GB Running: hw9i517h.exe; Driver: C:\Users\21\AppData\Local\Temp\uglcaaoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x8D7DD7F0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x8D7DD8B0] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x8D7DD870] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x8D7DD830] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 830509E5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83070512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14CB 83077AC0 4 Bytes [F0, D7, 7D, 8D] {XLAT BYTE [EBX+AL]; JGE 0xffffff91} .text ntoskrnl.exe!KeRemoveQueueEx + 15DB 83077BD0 4 Bytes [B0, D8, 7D, 8D] {MOV AL, 0xd8; JGE 0xffffff91} .text ntoskrnl.exe!KeRemoveQueueEx + 18E7 83077EDC 4 Bytes [70, D8, 7D, 8D] {JO 0xffffffda; JGE 0xffffff91} .text ntoskrnl.exe!KeRemoveQueueEx + 192F 83077F24 4 Bytes [30, D8, 7D, 8D] {XOR AL, BL; JGE 0xffffff91} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94C0C000, 0x141DE8, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1784] kernel32.dll!SetUnhandledExceptionFilter 756EF4FB 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Mozilla Firefox\firefox.exe[5192] ntdll.dll!LdrGetProcedureAddress + 26 77362239 7 Bytes JMP 5807EEB0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5192] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 756E941E 7 Bytes JMP 58689778 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5192] kernel32.dll!QueryPerformanceCounter + 13 756EC435 7 Bytes JMP 5868979B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5192] kernel32.dll!LoadAppInitDlls + 355 756EF4F6 7 Bytes JMP 58084CE9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5192] GDI32.dll!GetViewportOrgEx + 26C 7747884B 7 Bytes JMP 586896F9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5448] USER32.dll!RegisterMessagePumpHook + 2F1 75E68B9E 7 Bytes JMP 5875D8D4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5448] USER32.dll!IsDialogMessageW + 340 75E74444 7 Bytes JMP 5875D863 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5448] USER32.dll!GetWindowInfo 75E74B5E 5 Bytes JMP 585B2A67 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5448] USER32.dll!ToUnicodeEx + 71 75E82223 7 Bytes JMP 585B306A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtCreateFile + 6 773455CE 4 Bytes [28, 10, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtCreateFile + B 773455D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtCreateKey + 6 7734560E 4 Bytes [68, 11, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtCreateKey + B 77345613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtCreateMutant + 6 7734564E 4 Bytes [68, 12, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtCreateMutant + B 77345653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtCreateSection + 6 773456EE 4 Bytes [A8, 12, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtCreateSection + B 773456F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtMapViewOfSection + B 77345C33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenFile + 6 77345CDE 4 Bytes [68, 10, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenFile + B 77345CE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenKey + 6 77345D0E 4 Bytes [A8, 11, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenKey + B 77345D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenKeyEx + B 77345D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenMutant + 6 77345D5E 4 Bytes [28, 12, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenMutant + B 77345D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenProcess + 6 77345D8E 4 Bytes [68, 13, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenProcess + B 77345D93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenProcessToken + 6 77345D9E 4 Bytes [A8, 13, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenProcessToken + B 77345DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenProcessTokenEx + 6 77345DAE 4 Bytes [68, 14, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenProcessTokenEx + B 77345DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenSection + B 77345DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenThread + 6 77345E0E 4 Bytes [28, 13, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenThread + B 77345E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenThreadToken + 6 77345E1E 4 Bytes [28, 14, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenThreadToken + B 77345E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenThreadTokenEx + 6 77345E2E 4 Bytes [A8, 14, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtOpenThreadTokenEx + B 77345E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtQueryAttributesFile + 6 77345F3E 4 Bytes [A8, 10, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtQueryAttributesFile + B 77345F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtQueryFullAttributesFile + B 77345FF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtSetInformationFile + 6 7734663E 4 Bytes [28, 11, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtSetInformationFile + B 77346643 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtSetInformationThread + B 773466A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtUnmapViewOfSection + 6 773469BE 4 Bytes [28, 15, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ntdll.dll!NtUnmapViewOfSection + B 773469C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] kernel32.dll!CreateProcessW 756A204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] kernel32.dll!CreateProcessA 756A2082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!ActivateKeyboardLayout 75E68203 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!ScreenToClient 75E6A506 7 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!RegisterClipboardFormatA 75E6C091 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!RegisterClipboardFormatW 75E6DF8D 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!SetCursor 75E73075 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!MonitorFromWindow 75E73622 7 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!PostMessageW 75E7447B 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!IsWindowVisible 75E74D69 7 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetClientRect 75E754DD 7 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!MapWindowPoints 75E75CAA 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetParent 75E76029 7 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!EmptyClipboard 75E8290C 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!SetClipboardData 75E82962 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetClipboardData 75E82BA7 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetClipboardFormatNameW 75E85FD2 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!SetClipboardViewer 75E86FF6 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetClipboardFormatNameA 75E8700A 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!ChangeClipboardChain 75E9147C 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetTopWindow 75E924D9 7 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!CloseClipboard 75E9446C 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!OpenClipboard 75E9447E 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!IsClipboardFormatAvailable 75E944FF 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetClipboardSequenceNumber 75E94513 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetClipboardOwner 75E94525 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!CountClipboardFormats 75E9470A 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!EnumClipboardFormats 75E947EC 5 Bytes JMP 000C01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetOpenClipboardWindow 75E9480B 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!SetCursorPos 75EAC1B0 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetClipboardViewer 75EC4AF7 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] user32.DLL!GetPriorityClipboardFormat 75EC4BF9 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!DeleteObject 77475F14 5 Bytes JMP 000D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SelectObject 77476640 5 Bytes JMP 000D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SetTextColor 77476906 5 Bytes JMP 000D0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SetBkMode 774769B1 5 Bytes JMP 000D08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!DeleteDC 77476EAA 5 Bytes JMP 000D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetDeviceCaps 77476F7F 5 Bytes JMP 000D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!ExtSelectClipRgn 77477114 5 Bytes JMP 000D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SelectClipRgn 77477242 5 Bytes JMP 000D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SetStretchBltMode 77477705 5 Bytes JMP 000D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetCurrentObject 77477917 5 Bytes JMP 000D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetTextMetricsW 77477B8F 5 Bytes JMP 000D0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetTextAlign 77477DAF 5 Bytes JMP 000D0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!IntersectClipRect 77477DFE 5 Bytes JMP 000D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!ExtTextOutW 77478192 5 Bytes JMP 000D0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SetTextAlign 7747828E 5 Bytes JMP 000D09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetClipBox 77478525 5 Bytes JMP 000D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!MoveToEx 77478C21 5 Bytes JMP 000D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!StretchDIBits 7747A53E 5 Bytes JMP 000D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!RestoreDC 7747A67B 5 Bytes JMP 000D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SaveDC 7747A74B 5 Bytes JMP 000D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetTextExtentPoint32W 7747B4B5 5 Bytes JMP 000D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetTextFaceW 7747B73A 2 Bytes JMP 000D0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetTextFaceW + 3 7747B73D 2 Bytes [C5, 88] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetFontData 7747BCC4 5 Bytes JMP 000D0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SetWorldTransform 7747C90A 5 Bytes JMP 000D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!CreateDCA 7747CCA9 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!CreateDCW 7747CF79 5 Bytes JMP 000D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!CreateICW 7747CFD0 5 Bytes JMP 000D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetTextMetricsA 7747D0F2 5 Bytes JMP 000D0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!Rectangle 7747F1FF 5 Bytes JMP 000D09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!LineTo 7747F59B 5 Bytes JMP 000D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SetICMMode 7747FAA4 5 Bytes JMP 000D0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!ExtTextOutA 774803F9 5 Bytes JMP 000D0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetTextExtentPoint32A 774807B0 5 Bytes JMP 000D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!ExtEscape 77482949 5 Bytes JMP 000D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!Escape 77483939 5 Bytes JMP 000D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetTextFaceA 77483E6A 5 Bytes JMP 000D0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SetPolyFillMode 7748D851 5 Bytes JMP 000D0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SetMiterLimit 7748DA0D 5 Bytes JMP 000D0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!EndPage 774900D7 5 Bytes JMP 000D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!ResetDCW 7749050D 5 Bytes JMP 000D0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!GetGlyphOutlineW 7749C1BA 5 Bytes JMP 000D0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!CreateScalableFontResourceW 7749E817 5 Bytes JMP 000D0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!AddFontResourceW 7749EC13 5 Bytes JMP 000D0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!RemoveFontResourceW 7749F109 5 Bytes JMP 000D0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!AbortDoc 774A4C63 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!EndDoc 774A50AA 5 Bytes JMP 000D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!StartPage 774A5195 5 Bytes JMP 000D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!StartDocW 774A5BB0 5 Bytes JMP 000D07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!BeginPath 774A635D 5 Bytes JMP 000D0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!SelectClipPath 774A63B4 5 Bytes JMP 000D0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!CloseFigure 774A640F 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!EndPath 774A6466 5 Bytes JMP 000D0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!StrokePath 774A6699 5 Bytes JMP 000D07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!FillPath 774A6726 5 Bytes JMP 000D0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!PolylineTo 774A6B94 5 Bytes JMP 000D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!PolyBezierTo 774A6C25 5 Bytes JMP 000D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] GDI32.dll!PolyDraw 774A6CD7 5 Bytes JMP 000D08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ole32.dll!OleSetClipboard 760C0045 5 Bytes JMP 003C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ole32.dll!OleIsCurrentClipboard 760C36B2 5 Bytes JMP 003C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe[5508] ole32.dll!OleGetClipboard 760EFDCD 5 Bytes JMP 003C00B0 ---- EOF - GMER 2.1 ----