GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-14 21:36:12 Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\0000002c CT120BX100SSD1 rev.MU02 111,79GB Running: o9nm0119.exe; Driver: C:\Users\damia\AppData\Local\Temp\kgpdrfog.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [564:692] fffff92726936c20 Thread C:\WINDOWS\SysWoW64\regsvr32.exe [6360:5140] 00000000058a2f10 Thread C:\WINDOWS\SysWoW64\regsvr32.exe [6360:4196] 00000000058a2f10 Thread C:\WINDOWS\SysWoW64\regsvr32.exe [6360:5356] 00000000058a2f10 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [1580:480] 000001e4db850000 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [6016:1432] 0000000003550000 Thread C:\Program Files\Internet Explorer\IEXPLORE.EXE [2660:7244] 000001eb03570000 Thread C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [7348:7372] 0000000000ef0000 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xAC 0x8C 0x55 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x2D 0x12 0x25 0xB3 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xAC 0x8C 0x55 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x2D 0x12 0x25 0xB3 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US 38 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SAM06691_2F_07D9_27^EB3E4BCD9191AE272609365612B3F2B9@Timestamp 0x90 0x11 0xF6 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 644 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 2710691 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1343809163 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 38 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 499165922 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 1921 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 1905 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 48630106 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 48627432 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 48629498 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 48630047 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 4163 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 61 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime 7 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 10136 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 500 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 751773 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x10 0xC5 0x02 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 41756 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0x2B 0x3D 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 191 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FileRuns 29644 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumTime 132 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberChecksumIoTime 16 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 396 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x83 0x43 0xC3 0x08 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID effd2255-862b-474c-bd51-cacff6a Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WcesLog@FileCounter 4 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS3d004f6a-02c7-4bf7-a638-503fe321ca2e Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{679fd5c2-27db-411a-b947-55f85bfa0af1}@LastProbeTime 1489456709 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DCC0EFFD-2584-43BB-A5CB-7A9FF1A43EF9}@DefunctTimestamp 0x0D 0xE8 0xC6 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\00-12-2a-96-d1-c1@AddressCreationTimestamp 0xB1 0xD1 0xD7 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 5668 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1380 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 37 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79adc9dc-b9aa-4f4c-b16f-75f0e85bd3d7}@LeaseObtainedTime 1489453109 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79adc9dc-b9aa-4f4c-b16f-75f0e85bd3d7}@T1 1489496309 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79adc9dc-b9aa-4f4c-b16f-75f0e85bd3d7}@T2 1489528709 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79adc9dc-b9aa-4f4c-b16f-75f0e85bd3d7}@LeaseTerminatesTime 1489539509 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x12 0xF8 0x37 0x1A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x12 0x60 0xFC 0x7B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x12 0x90 0x73 0xB8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 14890 14896 14906 14916 14936 14980 14990 15028 15034 15050 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 15056 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 15057 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 14890 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 14891 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:E2825E6D-2C86-35DF-9AB0-323B841C578D\Interfaces\{d0875fb4-2196-4c7a-a63d-e416addd60a1}\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\Pnp\CurrentControlSet\Control\DeviceMigration\Devices\SWD\DAFUPNPPROVIDER\UUID:E2825E6D-2C86-35DF-9AB0-323B841C578D\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000E@ 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced@Hidden 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideFileExt 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowSuperHidden 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xAC 0x1F 0x70 0x9A ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xAC 0x1F 0x70 0x9A ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xAC 0x1F 0x70 0x9A ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xAC 0x1F 0x70 0x9A ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x10 0x9A 0x3F 0x4D ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@308046B0AF4A39CB 0xB8 0x03 0x9D 0xA4 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 8 Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Microsoft.ZuneVi_b0ad35d348d27cb7814a53d4060bf81913b158e_cbfb3958_051a5733 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.BingWeather_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.BingWeather_8wekyb3d8bbwe@TaskEntryPoint Microsoft.Msn.Weather.Tile.PreInstallTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.BingWeather_8wekyb3d8bbwe@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Messaging_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Messaging_8wekyb3d8bbwe@TaskEntryPoint Microsoft.Apps.Messaging.Internal.BackgroundTasks.PreInstalledConfigBackgroundTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Messaging_8wekyb3d8bbwe@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe@TaskEntryPoint OfficeHub.FirstRunTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.SkypeApp_kzf8qxf38zg5c Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.SkypeApp_kzf8qxf38zg5c@TaskEntryPoint SkypeBackgroundTasks.SkypeUpdateTaskHandler Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.SkypeApp_kzf8qxf38zg5c@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy@TaskEntryPoint ContentDeliveryManager.Background.ConfigurationTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Windows.Cortana_cw5n1h2txyewy Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Windows.Cortana_cw5n1h2txyewy@TaskEntryPoint Cortana.BackgroundTask.PreinstalledConfigTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.Windows.Cortana_cw5n1h2txyewy@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsAlarms_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsAlarms_8wekyb3d8bbwe@TaskEntryPoint TimeBackground.PreInstallRegisterBackgroundTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsAlarms_8wekyb3d8bbwe@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\microsoft.windowscommunicationsapps_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\microsoft.windowscommunicationsapps_8wekyb3d8bbwe@TaskEntryPoint HxMail.FirstRunTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\microsoft.windowscommunicationsapps_8wekyb3d8bbwe@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsMaps_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsMaps_8wekyb3d8bbwe@TaskEntryPoint Maps.BackgroundTasks.MapsPreInstallConfigTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsMaps_8wekyb3d8bbwe@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsPhone_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsPhone_8wekyb3d8bbwe@TaskEntryPoint TileBackground.PreInstallRegisterBackgroundTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsPhone_8wekyb3d8bbwe@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsStore_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsStore_8wekyb3d8bbwe@TaskEntryPoint WinStoreTasksWrapper.PreInstallRegisterTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.WindowsStore_8wekyb3d8bbwe@RetryRemaining 1 Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.XboxApp_8wekyb3d8bbwe Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.XboxApp_8wekyb3d8bbwe@TaskEntryPoint XboxApp.Tasks.ConfigXboxAppBackgroundTask Reg HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BackgroundModel\PreInstallTasks\RequireReschedule\Microsoft.XboxApp_8wekyb3d8bbwe@RetryRemaining 1 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk1\DR1 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\doomed\15848 9692 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\114F729D4C56E2451969D3326683487E1B2EC7CE 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\CFFD25C4AF8B952F32632FEA3DB1CEBC468C4175 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\1DB6154DB230D4DB1D53115BE65FB81E9F2457BB 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\2FFE0372888FAF755FE58A80537E7B91714021FD 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\8267BD525E7A46A94BDBBF21B1A70E243CF17C5F 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\8C6C3A46D7DC344AFD8C81FA92A7599C3BC524F3 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\602C06ACDB0D4B2C6D0CEC102C35097517B3F8C9 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\4A114F51862D78449D9E785559EB5214E2193F76 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\F0AA4B6D7ADF13DD71890F50458AD332B5E69831 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\D89E22ACD58E71C2435DA13EA6C30EFE7DC1C6E4 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\6AC881D71194A8A9BB3D21A7ABEAB6A00FA339F3 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\F8F30CD5840B1B2969AB4CC887C2629860D480E1 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\597E1F2A8CC359BCA93B07E59C1AAE8BC6E34FE8 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\86117E9C4C19125EAF0461675EC4CA2F68C00C8A 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\C61229ED1E652529B3234598DE8700952DBB0EB9 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\C63583120D2C4BDA0BB5DC82499CC0144AD61156 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\73C0F34321286B0BD38E90F869657E051B15F5AA 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\BC4F69024AD981F443A843E3BACDED24532E7DF2 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\0E58CA05B0E354F3F1223C945034A31DA6065347 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\E0A892644ACD0C307B9624514B7E74F5A48B8F5F 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\09D5650D3C4525D80F14A00571214A39D281B12D 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\A8478E5654C6EF91D47D823938F481769877F560 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\DBB39BB529BB1620910BE21903603BFEEB77A474 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\9934D3225F477B96DA0527B039D7D3BE1EA052F3 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\9849101D2F5A0715B2AF8538764F70CA237D1626 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\CD7741EC390515CABD11213349BA2EC02AC14A2E 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\EF9E903B0B0189205F7AA21E06EFE29BBDDB9B14 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\65288DD68A990DBF5AE7943B2A9D1D74B8D0C6C1 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\37FD98FD3F992B6A4FD8B0DCCBEF8A39D87F7C30 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\EC481FF59C429B10EBB5DC72316910EE179CB374 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\EC2AE4E83A5BA0C9E9BC71FD2103B472A8B592BA 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\E73B944C76015BF4B27407B1AAC4F1908DFF6A0C 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\2E13E0294833CACD6545106539E4163820AE0FEC 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\F77F7ECE94A470A6996D56A2988EF68FA94B1D01 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\53E3CAEB757ECB1F02B60C6CD849532218E5CC09 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\9A1ACCD49E601D9BF9780DB6D8FCEB7CA75882E4 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\8DCE82CA340E7C70497F6BC3850C6AE42BBB43AA 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\1A124116971206B254521F3D49B68DF178465327 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\8E55A67A8DC7F1C68C1749CFF804C42FA6EF2064 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\62A30486132FC5EA3B597F94B48A6D60CCC8D40A 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\DFB1B0BDB42A766DF466C5C759ED26D4CE7EBCC7 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\5FEB13517147469A7A57E9B09D4F72ADA390A5B3 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\C0F4CC660785F75B5A33BF4E728714ADDCA45787 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\D4BFF614D52329CF1C467127971F6E64E11B54B9 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\3AD716B82C366F3DC0171EAECA4B708379788C2B 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\DAD2A4AC11F4BACA09FCD4D9C46A2F3D2B285704 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\A102FC43A9025C91095BA62F4FE0CBFA10836246 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\CD53102C1DDCAD98A3FF4A3BA5FD655D40687067 0 bytes File C:\Users\damia\AppData\Local\Mozilla\Firefox\Profiles\ljhfid9f.default\cache2\entries\422D3A1492824BB7C89E9BED2E88E9185EEC41EA 0 bytes File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\WAXD888.tmp (size mismatch) 1990656/0 bytes executable ---- EOF - GMER 2.2 ----