GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-23 13:07:32 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB Running: b361l7i6.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kwtiapod.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600008ac00 15 bytes [00, 8E, 0B, 02, 80, 32, 6E, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600008ac10 11 bytes [00, 41, FC, FF, C0, 7D, F9, ...] ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\dwm.exe[988] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffc5f2cb6f4 10 bytes JMP 00007ffc5f020420 .text C:\WINDOWS\system32\dwm.exe[988] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffc5f2d45d8 5 bytes JMP 00007ffc5f0203e8 .text C:\WINDOWS\system32\dwm.exe[988] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc5f2d4750 9 bytes JMP 00007ffc5f020378 .text C:\WINDOWS\system32\dwm.exe[988] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffc5f2e4fc0 5 bytes JMP 00007ffc5f0203b0 .text C:\WINDOWS\system32\dwm.exe[988] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc5f2e5cb0 5 bytes JMP 00007ffc5f020458 .text C:\WINDOWS\system32\dwm.exe[988] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc60e61500 1 byte JMP 00007ffc5f020490 .text C:\WINDOWS\system32\dwm.exe[988] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc60e61502 6 bytes {JMP 0xfffffffffe1bef90} .text C:\WINDOWS\system32\dwm.exe[988] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc60e61750 8 bytes JMP 00007ffc5f0204c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc615528a0 7 bytes JMP 00007ffc5f020260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc615543b8 7 bytes JMP 00007ffc5f020298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffc61601f00 7 bytes JMP 00007ffc5f020308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffc61604094 7 bytes JMP 00007ffc5f020340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc616044f0 7 bytes JMP 00007ffc5f0202d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc6162ce0c 7 bytes JMP 00007ffc5f0201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc6162ce7c 7 bytes JMP 00007ffc5f020228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc5f032a80 7 bytes JMP 00007ffc5f0200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffc5f035fc0 5 bytes JMP 00007ffc5f020180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc5f0360b0 5 bytes JMP 00007ffc5f020148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc5f036750 5 bytes JMP 00007ffc5f020110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc5f0aa200 5 bytes JMP 00007ffc5f0201b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffc60ca9318 7 bytes JMP 00007ffc5f020538 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1044] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffc60cacbe0 7 bytes JMP 00007ffc5f020500 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3160] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffc5f2cb6f4 10 bytes JMP 00007ffc5f020420 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3160] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffc5f2d45d8 5 bytes JMP 00007ffc5f0203e8 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3160] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc5f2d4750 9 bytes JMP 00007ffc5f020378 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3160] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffc5f2e4fc0 5 bytes JMP 00007ffc5f0203b0 .text C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe[3160] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc5f2e5cb0 5 bytes JMP 00007ffc5f020458 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc615528a0 7 bytes JMP 00007ffc5f020260 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc615543b8 7 bytes JMP 00007ffc5f020298 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffc61601f00 7 bytes JMP 00007ffc5f020308 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffc61604094 7 bytes JMP 00007ffc5f020340 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc616044f0 7 bytes JMP 00007ffc5f0202d0 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc6162ce0c 7 bytes JMP 00007ffc5f0201f0 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc6162ce7c 7 bytes JMP 00007ffc5f020228 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc5f032a80 7 bytes JMP 00007ffc5f0200d8 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffc5f035fc0 5 bytes JMP 00007ffc5f020180 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc5f0360b0 5 bytes JMP 00007ffc5f020148 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc5f036750 5 bytes JMP 00007ffc5f020110 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc5f0aa200 5 bytes JMP 00007ffc5f0201b8 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007ffc5f2cb6f4 10 bytes JMP 00007ffc5f020420 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffc5f2d45d8 5 bytes JMP 00007ffc5f0203e8 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffc5f2d4750 9 bytes JMP 00007ffc5f020378 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffc5f2e4fc0 5 bytes JMP 00007ffc5f0203b0 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffc5f2e5cb0 5 bytes JMP 00007ffc5f020458 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc60e61500 1 byte JMP 00007ffc5f020490 .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc60e61502 6 bytes {JMP 0xfffffffffe1bef90} .text C:\WINDOWS\system32\DllHost.exe[4208] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc60e61750 8 bytes JMP 00007ffc5f0204c8 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc615528a0 7 bytes JMP 00007ffc5f020260 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc615543b8 7 bytes JMP 00007ffc5f020298 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffc61601f00 7 bytes JMP 00007ffc5f020308 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffc61604094 7 bytes JMP 00007ffc5f020340 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc616044f0 7 bytes JMP 00007ffc5f0202d0 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc6162ce0c 7 bytes JMP 00007ffc5f0201f0 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc6162ce7c 7 bytes JMP 00007ffc5f020228 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc5f032a80 7 bytes JMP 00007ffc5f0200d8 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffc5f035fc0 5 bytes JMP 00007ffc5f020180 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc5f0360b0 5 bytes JMP 00007ffc5f020148 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc5f036750 5 bytes JMP 00007ffc5f020110 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc5f0aa200 5 bytes JMP 00007ffc5f0201b8 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc60e61500 1 byte JMP 00007ffc5f020490 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc60e61502 6 bytes {JMP 0xfffffffffe1bef90} .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc60e61750 8 bytes JMP 00007ffc5f0204c8 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffc5f2cb6f4 10 bytes JMP 00007ffc5f020420 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffc5f2d45d8 5 bytes JMP 00007ffc5f0203e8 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc5f2d4750 9 bytes JMP 00007ffc5f020378 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffc5f2e4fc0 5 bytes JMP 00007ffc5f0203b0 .text C:\WINDOWS\System32\Taskmgr.exe[4708] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc5f2e5cb0 5 bytes JMP 00007ffc5f020458 .text C:\WINDOWS\SysWOW64\ctfmon.exe[4480] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000717c1003 2 bytes [7C, 71] .text C:\WINDOWS\SysWOW64\ctfmon.exe[4480] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000717c1016 2 bytes [7C, 71] .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc615528a0 7 bytes JMP 00007ffc5f020260 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc615543b8 7 bytes JMP 00007ffc5f020298 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffc61601f00 7 bytes JMP 00007ffc5f020308 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffc61604094 7 bytes JMP 00007ffc5f020340 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc616044f0 7 bytes JMP 00007ffc5f0202d0 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc6162ce0c 7 bytes JMP 00007ffc5f0201f0 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc6162ce7c 7 bytes JMP 00007ffc5f020228 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc5f032a80 7 bytes JMP 00007ffc5f0200d8 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffc5f035fc0 5 bytes JMP 00007ffc5f020180 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc5f0360b0 5 bytes JMP 00007ffc5f020148 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc5f036750 5 bytes JMP 00007ffc5f020110 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc5f0aa200 5 bytes JMP 00007ffc5f0201b8 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc60e61500 1 byte JMP 00007ffc5f020490 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc60e61502 6 bytes {JMP 0xfffffffffe1bef90} .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc60e61750 8 bytes JMP 00007ffc5f0204c8 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffc5f2cb6f4 10 bytes JMP 00007ffc5f020420 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffc5f2d45d8 5 bytes JMP 00007ffc5f0203e8 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc5f2d4750 9 bytes JMP 00007ffc5f020378 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffc5f2e4fc0 5 bytes JMP 00007ffc5f0203b0 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc5f2e5cb0 5 bytes JMP 00007ffc5f020458 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffc60ca9318 7 bytes JMP 00007ffc5f020538 .text C:\WINDOWS\system32\NOTEPAD.EXE[188] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffc60cacbe0 7 bytes JMP 00007ffc5f020500 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc615528a0 7 bytes JMP 00007ffc5f020260 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc615543b8 7 bytes JMP 00007ffc5f020298 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffc61601f00 7 bytes JMP 00007ffc5f020308 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffc61604094 7 bytes JMP 00007ffc5f020340 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc616044f0 7 bytes JMP 00007ffc5f0202d0 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc6162ce0c 7 bytes JMP 00007ffc5f0201f0 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc6162ce7c 7 bytes JMP 00007ffc5f020228 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc5f032a80 7 bytes JMP 00007ffc5f0200d8 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffc5f035fc0 5 bytes JMP 00007ffc5f020180 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc5f0360b0 5 bytes JMP 00007ffc5f020148 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc5f036750 5 bytes JMP 00007ffc5f020110 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc5f0aa200 5 bytes JMP 00007ffc5f0201b8 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffc5f2cb6f4 10 bytes JMP 00007ffc5f020420 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffc5f2d45d8 5 bytes JMP 00007ffc5f0203e8 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc5f2d4750 9 bytes JMP 00007ffc5f020378 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffc5f2e4fc0 5 bytes JMP 00007ffc5f0203b0 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc5f2e5cb0 5 bytes JMP 00007ffc5f020458 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc60e61500 1 byte JMP 00007ffc5f020490 .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc60e61502 6 bytes {JMP 0xfffffffffe1bef90} .text C:\WINDOWS\splwow64.exe[4448] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc60e61750 8 bytes JMP 00007ffc5f0204c8 .text C:\Users\Admin\Downloads\b361l7i6.exe[6016] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 3 00000000717c1003 2 bytes [7C, 71] .text C:\Users\Admin\Downloads\b361l7i6.exe[6016] C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll!Detoured + 22 00000000717c1016 2 bytes [7C, 71] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [468:488] fffff9600085ab90 Thread C:\WINDOWS\Explorer.EXE [384:3000] 00007ffc525617a0 Thread C:\WINDOWS\Explorer.EXE [384:2980] 00007ffc46318c54 Thread C:\WINDOWS\Explorer.EXE [384:4456] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4528] 00007ffc526efee0 Thread C:\WINDOWS\Explorer.EXE [384:2616] 00007ffc526efee0 Thread C:\WINDOWS\Explorer.EXE [384:180] 00007ffc526efee0 Thread C:\WINDOWS\Explorer.EXE [384:4784] 00007ffc526efee0 Thread C:\WINDOWS\Explorer.EXE [384:1088] 00000000523453b0 Thread C:\WINDOWS\Explorer.EXE [384:4072] 00007ffc51d44094 Thread C:\WINDOWS\Explorer.EXE [384:3552] 00007ffc51d44094 Thread C:\WINDOWS\Explorer.EXE [384:5056] 00007ffc51d44094 Thread C:\WINDOWS\Explorer.EXE [384:3960] 00007ffc51d44094 Thread C:\WINDOWS\Explorer.EXE [384:4064] 00007ffc4729e780 Thread C:\WINDOWS\Explorer.EXE [384:3700] 00007ffc5800ecf8 Thread C:\WINDOWS\Explorer.EXE [384:2184] 00007ffc5800ecf8 Thread C:\WINDOWS\Explorer.EXE [384:940] 00007ffc4725a760 Thread C:\WINDOWS\Explorer.EXE [384:5104] 00007ffc5800ecf8 Thread C:\WINDOWS\Explorer.EXE [384:5668] 00007ffc5a8d1120 Thread C:\WINDOWS\Explorer.EXE [384:5208] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6424] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5656] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5296] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5232] 00007ffc5135a3f8 Thread C:\WINDOWS\Explorer.EXE [384:6760] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6748] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2288] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:1740] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:7028] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:1692] 00007ffc5e347ea8 Thread C:\WINDOWS\Explorer.EXE [384:2432] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:3300] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6352] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5996] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5460] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6980] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6988] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2904] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:3968] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5376] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5484] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6244] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6124] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:7088] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5124] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5204] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6436] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:3104] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4972] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:3632] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4564] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4172] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6700] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2440] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2848] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:1276] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:1864] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6160] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5424] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6232] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6292] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4508] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5852] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6360] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5444] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:3756] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4404] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2148] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2536] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4220] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2852] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:928] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:1840] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5312] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6940] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6828] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:3616] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4324] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4044] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:7000] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5064] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:3248] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2156] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5156] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:3544] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5372] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:4436] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5908] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6592] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5728] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:2388] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6364] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6444] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:7080] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6628] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:1320] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:6276] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5176] 00007ffc4631d6bc Thread C:\WINDOWS\Explorer.EXE [384:5416] 00007ffc4631d6bc ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 255470110 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\24fd529e0b87 ---- Files - GMER 2.2 ---- File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\1E6251CD54FAD14C5F46384568AD2977E6FFE90E 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\41A8BCEC3986C27E92126F2A304786D39A91177C 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\58718967DCC8A4BED09D559D46992D49838B49F1 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\5946CC463829EA56E1411160EAF17083CC0BB38B 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\59F72CDCFFF45A05718C3F85D96ED4424ED25981 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\5AE7752A73D7A193E8D8E695EF174919459C3057 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\61FBA53B489310F7F19447A1D0EB9123F1443066 470 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\62866FF4E08ED9CA799785542030EB413CEDED08 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\63B132889116458DE1AD8863CFC5624A32427692 11252 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\646C7B3EC5C508E5E5E92FAE565F37256A015BA9 9217 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\65E4A925E72C6451FE2510626D1CF0E62680FC1B 649 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\6730ABD97CE3FE4D31CCCFF473F7E9EDFA1B5770 763 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\6A71B8D24506B12BA92A6F1D5C3B371D4FC1DB8E 3112 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\6B13E8A583BD3433D17B415D22FEC97DFE09062B 120732 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\70FF3E1DAA41400144B9BE1017BE558D017C7127 6335 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\7289FE7D484FAE5BF27BDDAE37A14C39771949ED 12121 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\73709161CDD1CD36BECE3C4FD102B05C91BF7688 470 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\7530C5B1840560E26AF106C32C19FAF397F9A5E9 397 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\7626F69E8D5897B9FD482C2A1EF8A5E4B6DE1F95 9746 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\789EC02FA7466CD8FFF0F76BA6F18F3141ACE344 12123 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\78A7E4272770589622E720564687D0C8746927DC 3868 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\7A6F005F62C23BBC99B6A7D09B6404D4836170B9 10651 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\7C56B655CC93E52AA1175053F8879D574BA4EDFD 10894 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\7E8670FD3E92F695A8A448A867F3554E99264BED 10886 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\83A75C90C1F0F998F2447CF66DA63BB431E8974B 18486 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\84E5DF9FCC26DFB4BF45F1647DA7F55E06B584C8 137639 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C4050DEF7E3EED9E9658076600069891640794BF 3580 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\8DE3381A6B5BEFBC49FF37960DFC5CBE389E2E89 3863 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\8E4CED8A45055BCAE4377F85CCB1263B6B9A3C90 17855 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\92EA61F181AE144FDD47076331B8CEDBD8A98C0E 11939 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\971F81741307A9ED23A58700977F2E8386B11A64 5768 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\97EFE99D9304C372241FE5CA843CFDE753E7939D 113061 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\9ED6DB360711210293A31D9FB52880CAF5D42EC5 3797 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\9FBDBA6072A7A2A39F0429B895707D9F1FDF04D9 11394 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\A0758284D481EB355DA97E1CA82551FBCAA5DD35 9242 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\A2D819CB1392B2C1454F72BDE9BD1517384DC23E 8054 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\A41C9C7E39B0560CA2BFC9A3BFC1D69E620D0DDF 3852 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\A91A59FFBEF794BF5FA5BC9056F7211982B07995 3851 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\A99E765FB0FDE83D1AC20EC522A3E423F98977B2 12494 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\A9A31E794F3682C3F45D8515EF70120D3D2A261E 19009 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\AA83AE138A9EAA7EBC7BD9763E928FC555B46291 3333 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\AB3E78BA542084DE5C6D30B5C159B27E9E6EAE31 553 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\ABE8388C012D06EB6C40D5C6287655F129C7A250 3305 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\ADAEEEB7B3B10EC508DEB028D72F108BDB89C445 3711 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\AEE9E110B9824D2E41689D567903EC2E1E6D9B7A 3384 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\AF60B8351AAEC02B6031850C39D1EA45BA26296D 10069 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\B49FF3EDA9C489EADFBB6BD1111EABF415B4FC17 510 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\B566053982149D968513A01E7FAF1B2D0968FA88 36599 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\B7496E0ABBF9D0CB240DFC7A08D267F829F189AF 3723 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\B9FCAB9C4F108C0B858F40941EC6B9F1C7066556 9741 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\BA3D19B5856953C34CFBA66F2FA659015C5389ED 3863 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\BE2D50FFC37B36F7221DADF2C62981F81EB4C340 3100 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\BE881ACCBB922414DB26BE00B8692521AF820476 13205 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C17362EFBC8E03922198537AFE887E1B3B1B5E47 10556 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C3BFA171EA9368A70666F0274AF221E3D28A3710 10630 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C54DB886538A2643CCA8167906501F1514011058 10700 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C67A3A5B06488C7A3FF1B14C07C13E5DC5D984C4 3100 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C9BF0F43633DD3A7380610BC19C80BDE18482C84 471 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\CBC53DD0DA2B0EB91F89371C99F224AC023517A2 11323 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\CC9685A7AF08C6E7B62D775BA8D931A3DC1DB5FA 6309 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\CD09554C343826E76D419A311F7FBBFB3C0E9658 13634 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\D1AE389E0BA4B39993C0855535857089EDEFF999 9201 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\D1CCA2820C0CDFEE80DC349283C7A7F05E32B8D1 3394 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\D3240CBF8F7280890AD0F01EAF978B7495E80872 28776 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\D3747A6F5ABC880BC4D6F4622BF87DCA8F39988A 6171 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\D8E67B6A173118F7E069A842BA1274C005A0955E 5157 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\D9D2FA3A047BBB7E999100B4797594FEFBC50DF5 10770 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\DB99D54DE354B053497BD923C6B504DFE485099E 3274 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\DF7958281135D6233A209E3B96173B7A9DC126B3 3865 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E337EADB9CE6CEC124A13EB58FD9F25A62349BDF 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E3F16F410AD9988052F0BB50EF7014E064A4D0C2 415 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E421A0F15AA9D7B4D4CF4678752D5CD48D72F963 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E4F01F8F28544BA43CECD4BABCD4FC09CD63CFD3 3806 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E4FF004EDB3AA0BBB7E4060F8ADA6C9B5AF851C9 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E68EA535D0C4B7916B7264FBB3FFD62898CDFEE1 11965 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E6A48BAA600AB3D0ED34C0CD77F09F6CE4D60F3A 19453 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E82001EC06175ADDB6B29B39D388545E745AACBA 13265 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E84F743C628378DBCCC6A78DF1EAE6FA184BED3A 677 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E907C9DECC8CF8FD265307C2BA31173B69A144CE 3794 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\EA991CAB1101B7259DBB6AAC23F992DD8BC3342A 9759 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\EBA0F030A32343E8299A5EB9E9D47ADE7DF077BE 13084 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\EBB11CD2B1CE9966959996AA5A53CBE41B78BE90 2616 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\ECD001E7E7D1F62555F150C513138DF20AC42998 3783 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\ED020414159085F3D22888C2FA7A71D4BE8A88F5 6027 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\EDD10B565E485A94F3D81ED9F73F0347759850F6 3335 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\EE5837E891175BAD9C3B6046175E190D67C1489C 484 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F15139CDEB63CDA10396AD1516583F23C76324B3 11451 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F1642C0EE89AF6A3FF5710AFC52A9CAA4A7F93EA 1993 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F17FC1D79AB5BDC800C16473BDD79EEB784F30C2 3382 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F1FBE83115A6B43DDB645A396DD0C5D1ED4E9861 32555 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F2816A539195D492AB7C33A84A80330425C48787 9708 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F377513CB7BEB2170CFE322AFBAEC3C382C2D7F6 11212 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F3DA2B541F469996A64E4C5ED57CFB15CB06FB0A 415 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F4F6AF659F8E1BC6A9C25F4E78F670814F3DDBD9 829 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F77263625F11BA2C590F428986474C0D38A9598D 3232 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\F8342E3625625D32C32E524118CD7597636FDB6B 848 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\FB2AA89CE99DEEEF7764B4E26EAEECEF2AD96ED6 90396 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\FBC4CFB20FA87A1EDC846B7A79424D426124809E 2645 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\FBC5A586D8BBD00D7B4368BD1131D50539976F22 1582 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\FBE29B9D2B18D30C62BF3C55F3744A7A4566713C 4466 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\FBEA4E987D634B4BAEB1C3AD39A7AE6339821187 11868 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\FCF39F373B37BFD43B03A1D3E1AD0D16FD90BCA1 3407 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\FDAF6B07605937A7BD90E6C488A3BC8974A9CB52 8346 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\8D3F933257E2460F71D54F5C05FCD64905A994D8 9678 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\B899CC2ADC3700EB3433E9123754074C59B8C7B3 10323 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C9E5595CF659BA0D0DCD98B9375A5053322C89A9 3858 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C9E70A88368AEDF7C800976153375091AC8F1868 583 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\43441F36A96FB605041FF2AD43AE5E39600AE2B9 10128 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\43481B332ECAE8E57E307C2842F6B82E13E2A378 5260 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E0F87876B8491458932FE4B9C10B8DD67DABF01C 1041 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\32C01F6C76CA4F7B1022BBE1BE779B4D9F8AD53F 3887 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\0D3EB0FA82746BD2317D7B37F39EDE83A6D8E644 3416 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\B35DD5C4AB64B69FE44E74B679A144ED426F2F32 3864 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\34F7E1909F6F814594071C8A5786CB2A879B4F85 624 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\E4656612C45ED08D746450EEB527F0443E5DFA04 0 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\3F0952BAB1830657929212FB02FBB9BFB63B0727 8796 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\B06E5383EACC696CE4E75327A1D75D8DA6D5064E 5112 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\556AA11160BE7E0C5FDE20BC18CA599BB4A1C09E 11494 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\1C28D5262C0F65DA61467F02937CE52A045BEE57 823 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\C0937B7307E844EAC403083AB369679DFB1C1231 8301 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\03E89C47E41059270FDD3E937480B226E85101B3 10597 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\17B765DD1A1B3AA17BA4AF7CC711025CC41B5669 1426 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\7D2B06BB4CC7E2EC448757EB08310DEAD751BF2A 11938 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\BDC19D84D28CCCF275E5A5BE58AEB9036DD35666 3267 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\78655492ACBCDDD249607FFE5318B15A3EA23AF5 9192 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\DE82D952C25BB109464EDC61F74839BE5E1CB7B9 2599 bytes File C:\Users\Admin\AppData\Local\Firefox\Firefox\Profiles\saeoed1k.default\cache2\entries\DE8C9BE47AFAE65AE9246614DE2E5F66C548E1A5 3818 bytes File C:\Users\Admin\AppData\Roaming\Firefox\Firefox\Profiles\saeoed1k.default\storage\default\https+++plus.google.com\cache\caches.sqlite-shm 0 bytes File C:\Users\Admin\AppData\Roaming\Firefox\Firefox\Profiles\saeoed1k.default\storage\default\https+++plus.google.com\cache\caches.sqlite-wal 0 bytes File C:\Users\Admin\AppData\Roaming\Firefox\Firefox\Profiles\saeoed1k.default\storage\default\https+++plus.google.com\cache\context_open.marker 0 bytes ---- EOF - GMER 2.2 ----