GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-08-21 23:01:19 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006b rev. 0,00MB Running: gmer.exe; Driver: C:\Users\Gigi\AppData\Local\Temp\kwtdqpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwAdjustPrivilegesToken [0x920E5730] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwAlpcConnectPort [0x92098CA2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwAlpcCreatePort [0x92098FEA] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwAlpcDisconnectPort [0x8D5F494C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwAlpcSendWaitReceivePort [0x92099430] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwAssignProcessToJobObject [0x8D5F313C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwClose [0x920812AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwConnectPort [0x9209897C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreateEvent [0x92081826] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateKey [0x8D5F5DC0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreateMutant [0x9208170C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreatePort [0x92098E4E] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateProcess [0x8D5F3ADC] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateProcessEx [0x8D5F3C10] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreateSection [0x920E8690] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreateSemaphore [0x92081946] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwCreateSymbolicLinkObject [0x8D5F5420] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreateThread [0x920E7B18] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreateThreadEx [0x920E7D64] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreateUserProcess [0x920E775E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwCreateWaitablePort [0x92098F1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwDebugActiveProcess [0x920E7604] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwDeviceIoControlFile [0x920812F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwDuplicateObject [0x920E5872] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwFreeVirtualMemory [0x8D5F360C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwLoadDriver [0x920E54DA] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwLockVirtualMemory [0x8D5F33A4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwMapViewOfSection [0x920E8488] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwNotifyChangeKey [0x920970DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwOpenEvent [0x920818BC] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenKey [0x8D5F5B58] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwOpenKeyEx [0x8D5F5C8C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwOpenMutant [0x9208179C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwOpenProcess [0x920E7146] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwOpenSection [0x920E893C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwOpenSemaphore [0x920819DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwOpenThread [0x920E7816] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwProtectVirtualMemory [0x8D5F34D8] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwQueryDirectoryFile [0x8D5F58F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwQueryDirectoryObject [0x92081A66] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwQueryObject [0x920972E8] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwQuerySystemInformation [0x8D5F4E1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwQueueApcThread [0x920E833C] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwReadVirtualMemory [0x8D5F3874] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwReplyPort [0x92099214] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwReplyWaitReceivePort [0x920990A2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwReplyWaitReceivePortEx [0x92099158] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwRequestWaitReplyPort [0x92099284] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwRestoreKey [0x8D5F5EF4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwResumeThread [0x920E8066] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwSecureConnectPort [0x92098B0A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwSetContextThread [0x920E81C4] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetInformationProcess [0x8D5F3270] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwSetInformationToken [0x92081B08] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSecurityObject [0x8D5F5A24] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwSetSystemInformation [0x920E55E4] SSDT \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwSetSystemTime [0x8D5F52EC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwSuspendProcess [0x920E734C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwSuspendThread [0x920E7F0E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwSystemDebugControl [0x92081B1A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwTerminateProcess [0x920E74AC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwTerminateThread [0x920E7A14] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwUnmapViewOfSection [0x920E8AA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab ZAO) ZwWriteVirtualMemory [0x920E87CE] Code \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ZwTerminateProcess [0x8D5F7E38] Code \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) KeUserModeCallback ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82E47339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E80D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82E87DCC 4 Bytes [30, 57, 0E, 92] {XOR [EDI+0xe], DL; XCHG EDX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82E87DF4 8 Bytes [A2, 8C, 09, 92, EA, 8F, 09, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1127 82E87E1C 4 Bytes [4C, 49, 5F, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 82E87E38 4 Bytes [30, 94, 09, 92] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E87E48 4 Bytes [3C, 31, 5F, 8D] .text ... PAGE ntkrnlpa.exe!ZwTerminateProcess 830659BF 5 Bytes JMP 8D5F7E3C \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) PAGE ntkrnlpa.exe!KeUserModeCallback 83081EA3 5 Bytes JMP 8D5F2B40 \SystemRoot\system32\DRIVERS\sysmon.sys (sysmon.sys/Beijing Rising Information Technology Co., Ltd.) ---- User code sections - GMER 2.1 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] ntdll.dll!NtProtectVirtualMemory 77715F18 5 Bytes JMP 6EAA209E C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] USER32.dll!NotifyWinEvent + 6AE 765AD66C 4 Bytes [BB, 30, AA, 6E] ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] C:\Windows\SYSTEM32\ntdll.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] ntdll.dll!NtProtectVirtualMemory 77715F18 5 Bytes JMP 6EAA209E C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: KERNELBASE.dll ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] C:\Windows\system32\ole32.dll time/date stamp mismatch; unknown module: CRYPTSP.dllunknown module: MPR.dllunknown module: msiltcfg.dllunknown module: CLBCatQ.DLLunknown module: OLEAUT32.dllunknown module: imagehlp.dllunknown module: KERNELBASE.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] USER32.dll!NotifyWinEvent + 6AE 765AD66C 4 Bytes [BB, 30, AA, 6E] .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] ntdll.dll!NtCreateFile 777155C8 5 Bytes JMP 611D2319 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] ntdll.dll!NtFlushBuffersFile 77715958 5 Bytes JMP 611D2059 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] ntdll.dll!NtQueryFullAttributesFile 77715FE8 5 Bytes JMP 611D2191 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] ntdll.dll!NtReadFile 777162B8 5 Bytes JMP 611D2093 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] ntdll.dll!NtReadFileScatter 777162C8 5 Bytes JMP 61520BE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] ntdll.dll!NtWriteFile 77716A68 5 Bytes JMP 611D24BD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] ntdll.dll!NtWriteFileGather 77716A78 5 Bytes JMP 61520C36 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] ntdll.dll!LdrLoadDll 777322B8 5 Bytes JMP 65128FEC C:\Program Files\Mozilla Firefox\mozglue.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 768A8996 7 Bytes JMP 615086CF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] kernel32.dll!GetEnvironmentStringsA + 11 768B2FB1 7 Bytes JMP 615096BA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] kernel32.dll!BaseThreadInitThunk + C9 768B3CFC 7 Bytes JMP 61296EE8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] USER32.dll!GetWindowInfo 765A4B5E 5 Bytes JMP 61FA01AF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3872] GDI32.dll!GetViewportOrgEx + 26C 7624884B 7 Bytes JMP 61507EA3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtCreateFile + 6 777155CE 4 Bytes [28, 20, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtCreateFile + B 777155D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtCreateKey + 6 7771560E 4 Bytes [68, 21, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtCreateKey + B 77715613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtCreateMutant + 6 7771564E 4 Bytes [68, 22, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtCreateMutant + B 77715653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtCreateSection + 6 777156EE 4 Bytes [A8, 22, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtCreateSection + B 777156F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtMapViewOfSection + 6 77715C2E 4 Bytes CALL 76716357 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtMapViewOfSection + B 77715C33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenFile + 6 77715CDE 4 Bytes [68, 20, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenFile + B 77715CE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenKey + 6 77715D0E 4 Bytes [A8, 21, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenKey + B 77715D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenKeyEx + 6 77715D1E 4 Bytes CALL 76716444 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenKeyEx + B 77715D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenMutant + 6 77715D5E 4 Bytes [28, 22, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenMutant + B 77715D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenProcess + 6 77715D8E 4 Bytes [68, 23, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenProcess + B 77715D93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenProcessToken + 6 77715D9E 4 Bytes [A8, 23, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenProcessToken + B 77715DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenProcessTokenEx + 6 77715DAE 4 Bytes [68, 24, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenProcessTokenEx + B 77715DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenSection + 6 77715DCE 4 Bytes CALL 767164F5 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenSection + B 77715DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenThread + 6 77715E0E 4 Bytes [28, 23, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenThread + B 77715E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenThreadToken + 6 77715E1E 4 Bytes [28, 24, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenThreadToken + B 77715E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenThreadTokenEx + 6 77715E2E 4 Bytes [A8, 24, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtOpenThreadTokenEx + B 77715E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtQueryAttributesFile + 6 77715F3E 4 Bytes [A8, 20, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtQueryAttributesFile + B 77715F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtQueryFullAttributesFile + 6 77715FEE 4 Bytes CALL 76716713 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtQueryFullAttributesFile + B 77715FF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtSetInformationFile + 6 7771663E 4 Bytes [28, 21, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtSetInformationFile + B 77716643 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtSetInformationThread + 6 7771669E 4 Bytes CALL 76716DC6 C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtSetInformationThread + B 777166A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtUnmapViewOfSection + 6 777169BE 4 Bytes [28, 25, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ntdll.dll!NtUnmapViewOfSection + B 777169C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] kernel32.dll!CreateProcessW 7686204D 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] kernel32.dll!CreateProcessA 76862082 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!DeleteObject 76245F14 5 Bytes JMP 001301B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SelectObject 76246640 5 Bytes JMP 001305F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SetTextColor 76246906 5 Bytes JMP 00130A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SetBkMode 762469B1 5 Bytes JMP 001308F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!DeleteDC 76246EAA 5 Bytes JMP 00130170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetDeviceCaps 76246F7F 5 Bytes JMP 001303B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!ExtSelectClipRgn 76247114 5 Bytes JMP 001302F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SelectClipRgn 76247242 5 Bytes JMP 001305B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SetStretchBltMode 76247705 5 Bytes JMP 001306B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetCurrentObject 76247917 5 Bytes JMP 00130370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetTextMetricsW 76247B8F 5 Bytes JMP 00130E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetTextAlign 76247DAF 5 Bytes JMP 00130D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!IntersectClipRect 76247DFE 5 Bytes JMP 001303F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!ExtTextOutW 76248192 5 Bytes JMP 00130970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SetTextAlign 7624828E 5 Bytes JMP 001309F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetClipBox 76248525 5 Bytes JMP 00130330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!MoveToEx 76248C21 5 Bytes JMP 00130470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!StretchDIBits 7624A53E 5 Bytes JMP 00130770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!RestoreDC 7624A67B 5 Bytes JMP 00130530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SaveDC 7624A74B 5 Bytes JMP 00130570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetTextExtentPoint32W 7624B4B5 5 Bytes JMP 00130670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetTextFaceW 7624B73A 2 Bytes JMP 00130D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetTextFaceW + 3 7624B73D 2 Bytes [EE, 89] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetFontData 7624BCC4 5 Bytes JMP 00130C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SetWorldTransform 7624C90A 5 Bytes JMP 001306F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!CreateDCA 7624CCA9 5 Bytes JMP 001300B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!CreateDCW 7624CF79 5 Bytes JMP 001300F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!CreateICW 7624CFD0 5 Bytes JMP 00130130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetTextMetricsA 7624D0F2 5 Bytes JMP 00130DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!Rectangle 7624F1FF 5 Bytes JMP 001309B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!LineTo 7624F59B 5 Bytes JMP 00130430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SetICMMode 7624FAA4 5 Bytes JMP 00130DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!ExtTextOutA 762503F9 5 Bytes JMP 00130930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetTextExtentPoint32A 762507B0 5 Bytes JMP 00130630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!ExtEscape 76252949 5 Bytes JMP 001302B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!Escape 76253939 5 Bytes JMP 00130270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetTextFaceA 76253E6A 5 Bytes JMP 00130CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SetPolyFillMode 7625D851 5 Bytes JMP 00130B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SetMiterLimit 7625DA0D 5 Bytes JMP 00130B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!EndPage 762600D7 5 Bytes JMP 00130230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!ResetDCW 7626050D 5 Bytes JMP 00130AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!GetGlyphOutlineW 7626C1BA 5 Bytes JMP 00130CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!CreateScalableFontResourceW 7626E817 5 Bytes JMP 00130BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!AddFontResourceW 7626EC13 5 Bytes JMP 00130BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!RemoveFontResourceW 7626F109 5 Bytes JMP 00130C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!AbortDoc 76274C63 5 Bytes JMP 00130030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!EndDoc 762750AA 5 Bytes JMP 001301F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!StartPage 76275195 5 Bytes JMP 00130730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!StartDocW 76275BB0 5 Bytes JMP 001307F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!BeginPath 7627635D 5 Bytes JMP 00130830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!SelectClipPath 762763B4 5 Bytes JMP 00130AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!CloseFigure 7627640F 5 Bytes JMP 00130070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!EndPath 76276466 5 Bytes JMP 00130A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!StrokePath 76276699 5 Bytes JMP 001307B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!FillPath 76276726 5 Bytes JMP 00130870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!PolylineTo 76276B94 5 Bytes JMP 001304F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!PolyBezierTo 76276C25 5 Bytes JMP 001304B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] GDI32.dll!PolyDraw 76276CD7 5 Bytes JMP 001308B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!ActivateKeyboardLayout 76598203 5 Bytes JMP 001404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!ScreenToClient 7659A506 7 Bytes JMP 00140670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!RegisterClipboardFormatA 7659C091 5 Bytes JMP 001402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!RegisterClipboardFormatW 7659DF8D 5 Bytes JMP 001402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!SetCursor 765A3075 5 Bytes JMP 00140530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!MonitorFromWindow 765A3622 7 Bytes JMP 00140630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!PostMessageW 765A447B 5 Bytes JMP 001405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!IsWindowVisible 765A4D69 7 Bytes JMP 001406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetClientRect 765A54DD 7 Bytes JMP 001405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!MapWindowPoints 765A5CAA 5 Bytes JMP 00140570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetParent 765A6029 7 Bytes JMP 001406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!EmptyClipboard 765B290C 5 Bytes JMP 00140130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!SetClipboardData 765B2962 5 Bytes JMP 00140170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetClipboardData 765B2BA7 5 Bytes JMP 00140030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetClipboardFormatNameW 765B5FD2 5 Bytes JMP 00140230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!SetClipboardViewer 765B6FF6 5 Bytes JMP 001404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetClipboardFormatNameA 765B700A 5 Bytes JMP 00140270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!ChangeClipboardChain 765C147C 5 Bytes JMP 00140430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetTopWindow 765C24D9 7 Bytes JMP 00140730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!CloseClipboard 765C446C 5 Bytes JMP 001400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!OpenClipboard 765C447E 5 Bytes JMP 00140070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!IsClipboardFormatAvailable 765C44FF 5 Bytes JMP 001400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetClipboardSequenceNumber 765C4513 5 Bytes JMP 00140330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetClipboardOwner 765C4525 5 Bytes JMP 00140370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!CountClipboardFormats 765C470A 5 Bytes JMP 001401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!EnumClipboardFormats 765C47EC 5 Bytes JMP 001401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetOpenClipboardWindow 765C480B 5 Bytes JMP 001403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!SetCursorPos 765DC1B0 5 Bytes JMP 00140770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetClipboardViewer 765F4AF7 5 Bytes JMP 00140470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] USER32.dll!GetPriorityClipboardFormat 765F4BF9 5 Bytes JMP 001403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ole32.dll!OleSetClipboard 75F80045 5 Bytes JMP 00150030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ole32.dll!OleIsCurrentClipboard 75F836B2 5 Bytes JMP 00150070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe[4964] ole32.dll!OleGetClipboard 75FAFDCD 5 Bytes JMP 001500B0 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] ntdll.dll!LdrLoadDll 777322B8 5 Bytes JMP 65128FEC C:\Program Files\Mozilla Firefox\mozglue.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!RegisterMessagePumpHook + 2F1 76598B9E 7 Bytes JMP 61E7F88C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!IsDialogMessageW + 340 765A4444 7 Bytes JMP 61E7F961 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!GetWindowInfo 765A4B5E 5 Bytes JMP 61E81CEC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5504] USER32.dll!ToUnicodeEx + 71 765B2223 7 Bytes JMP 61E8023C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 7DFE0A30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtTerminateProcess] 7DFD00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFD0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFD01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFD022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFD0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFD0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFD0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFD03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFD0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFD04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFE0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFE0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE0958 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE0814 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE0958 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\netapi32.DLL [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\netapi32.DLL [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFE0958 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFE0814 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[1956] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtTerminateProcess] 7DFE0A30 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF058C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF05F8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0664 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF06D0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ole32.dll [ntdll.dll!NtTerminateProcess] 7DFD00E8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0C4C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0CB8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0D24 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0D90 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0DFC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFD0154 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFD01C0 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFD022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFD0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 7DFF0E68 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0ED4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0F40 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFE0010 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFD0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFE007C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFD0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFD03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFD0448 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFD04B4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFE0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFE0370 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0304 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFE0958 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFE0814 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFE0958 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7DFE0958 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!HeapFree] 7DFF0520 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFE09C4 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] 7DFF03DC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7DFE08EC IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7DFE07A8 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7DFE0814 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7DFE0880 IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF022C IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe[2696] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0298 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys (Network filtering component/Kaspersky Lab ZAO) AttachedDevice \Driver\tdx \Device\Udp kltdi.sys (Network filtering component/Kaspersky Lab ZAO) AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys (Network filtering component/Kaspersky Lab ZAO) AttachedDevice \FileSystem\fastfat \Fat FLTMGR.SYS (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{060B0A86-298B-11E5-A4E9-806E6F6E6963} 385206072 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior ---- Files - GMER 2.1 ---- File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\0C4FBDD18512FE47B705A96556975190D377A25D 2845 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\98785ADCFD890EF4D1BE92CA7BDAAC98A9D98276 2928 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\BF08A15FB052EE6A2BE27E119409A1A12213F342 3207 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\375EB35629C25A32CB6C8AC6DEF0009A2A971861 2708 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\66316BC537DCA1E1C32C261A8AA9A2A29DEBA3C5 2804 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\C8298C58E20F93DCFE21EFC41704DD3AF410D347 2765 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\41247A3BA49978AF31D77460C23B27F2C0558651 37848 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\4224217BD159ED7391345B8CEF9C4C54404A9FE8 2976 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\743B205867C9E4CE48B5408C39AA3FB0FA24C5F0 5104 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\3F66F9DF02B69FE9F500BA2924EAE856BC7F5076 864 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\738A1DEB7DE7D6AE68CAEF37ECB1EA60F18CA87D 2845 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\04B0E8B9753F27F0390F5796E4D8A638241F94C7 28071 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\242BF2CCCEA610A6A5695E3AFDFD49600196FB75 25330 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\A8E1C8B8D0AA3667A306B6CF5CFE9C8BF6307C0A 17632 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\816263C1F503E9A1D75DF2109C319C4169BD9423 28512 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B6F2300014A9FA83AC374E78BD293E4E057E4662 3242 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\E82FFE1D48E7EE51F3591194CC62240625B23E9F 0 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\1CA25AC7B920EEED03C9F578C99B8E4CD909F9C9 15681 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\1D07CAE9E9E80E255656E451E0DB821936F24328 0 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\54F1E289FE64D3DC8D12E3AF97C17E78CD81E84F 2721 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\6B8F58327AD5BC0605FC3B79ACBBEA51292BC84B 4539 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\419EBDBD637EE9F19C35AE3FA289F7C991536430 967 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\D4304317149A872FD4B03A464BFB8FD9950746F0 3293 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\7A6D663DDEF6AD22F8BF41397C804F87B38981C9 45895 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\97B2CC6C5ECF60A4111EED01531C0AE033505097 2708 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\8A9175002E1267706038838F74753A9761B8D90A 2845 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B2A9290DAB0436C214893A6B3B283DC0A3F188E7 2724 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\683B7997291BF1759D5D74118C1FBE37A7D119F9 3672 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\2E4ED9AE7245047B3512D14F3D1C0CA539A70298 3151 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\6EC08AD6DFA150302D63301E9C7BC6F9073245A1 32666 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\07D7F88396CEC2CEA2484B0A39D45AFAD48BB821 24180 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\0815AD11F2C4952DB402A687832671B2B506AB19 3311 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\AD861343D9355AE4C17B80B83FAB4C0EAB45F6D6 2792 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\F225A932BDB89CE8D495CF132669A4E0B02F1CA6 2708 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\9B10E3AD726E73FB901CB78CD961648ADCC92201 15676 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\646EFBB2EC60B90AD097B8C550A276A7A0CEE5EB 5728 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\F4A1E8A57BE59DE6FD36E114C1621EB2A52EC231 49359 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\F8B05DE596F340882119654160CE58497F28387D 17875 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\FFA8C8486768BFD373EE3F4721A3F1E71FF75675 967 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\FFBBC67A2F3312CAA3145AABE57AF691579D27A3 2825 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B518B8B9D663D4AAF9FB98FA8E26D36B2F15F807 5699 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\D707A01B22727DE28623D5753FAAA0390AAE5DF8 26875 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\FE8D798632A54C3839842F3AD5EB20E918B43FCA 3347 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\79C59831D367AF531D0DE81568D51A875E9BCF61 967 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\06CBEC68FD1CCD3E75BB767B00D1611B9243DBE6 23160 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\DF65DF7CD9C7CA475E021099DA782D5846BDCE30 0 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\FD7955AEAAAC32E4FAA7C9CC5E2D72884463EE33 2721 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\5F1DBE55696C41FD929152C1BC7CB4B5A8830984 28677 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\6E1545C39EF566DA0040408DC1CA2177CD6D8C45 15165 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\16E31978A109EBFF9F72E92EA88F53AC12986734 4859 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\3B301A61BFF254AC4AD85CB87529A23CE1B4329C 2930 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\96925069650E595831F60F747C7ED5C4EEA0E1CB 3292 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\2327699F9B0B5A0E7C23A8236D6C5A80445D49CC 3566 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\46F5C56F84395AA3787C54C445612869C90EDD87 12489 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\E51B08046D0FBEDDF9B45D9CB4F4E20342B2CDA4 2708 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\F776CBBF72377715FDB743077E39638C13C80038 3547 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\C9A0EB9FD0D681173E36765BE7BFAFB0C7DCCCD3 15554 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\26CFC73BF0E88F0F78E964F58FBE71979E8AA23C 10835 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\1A6F5FB25D9E7AA1DAD5B7CA4BFF4E57458A51E3 2825 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B1A89AC64E0CE5510E5F641ACF05AE986AA27AE9 14613 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\560B13FB7045C95BD3A1BE32BB51A1B2D558BFC5 3476 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\20BFA06CE77ACBFA00904F14A9D66A29B60B0815 4738 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\30377E1B7173711DA72EA2809C62A1DE118EE86B 3240 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\10170161E9574DE4A4AE28848F2976789F83B8A3 3325 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\AEB858F32F6D7D59E3DE57CB4EFA864709D86378 0 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\0DCB825228450889BD94D1356EF709EC4D4F741B 3553 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\0DE0268F05987E4F4B79E1211D33253DDC8ADFEF 2845 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\296EC568BF5857293775C1B8A0461742AC7ECF84 3280 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\8236A3C18C12904CAB8C7DB79A2648460F476411 21290 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\8D4B6F49AE093958DFF3E326C688BC9FC2640752 3312 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\7847E02619D31A2FF88F09E60067C2C94579AB30 190594 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\EE566615BF34BE762106951594A3CAFEAFE756D1 19453 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\24E0C974AC5E2033A0D26DC294F475321FB1DD98 4750 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\BE7BA5DFE1009E9277B6F78BBC5F6F9E95037E79 0 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\DEFCA1E868C972051CB10EA3F9C10758BF2C1570 21183 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\DF293BD0D198AF8FDA1CB7A9E162ABACDDD8B1E3 2928 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\DF2D4BFC9038E7B0A97978AC143943C6C0BA02D6 15357 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\6ACAEA27CE07547449D8A9BCC191FD2132F31ABB 3104 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\089B70A28D86EF445357116BD261DD9097FBB697 21731 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\0596AB0E96C0B9DC7D10A1CB810C8BB28176D284 35356 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\86C54C52EF663E3A8EB646D3C844DB1769993568 241668 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\DE9BCEE5AF4750AEA15EE77D4CDAA0978C737E1B 14079 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\046F66F25FC196E797D5CD1074BB77FDD77258D6 6931 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\F156F376E43167E507D7096FA441D54B7E6082D1 967 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\9B3480F783C37EF9ECE64059C0329A7EE5FF0C50 3720 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\EBEE0B610D205F283D96C082F5356D7BE2100C4B 19785 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\02F53F0C5CF5A687DD38D6B4071C3814683E204A 16639 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\EF1A42B2896D934AD83679E603A281512FABF524 3212 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\3186EE2B78B8ED2E7D55BC0C0EA672EF74DEC2CF 5216 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\318FA400FDCD569070F41DB6C02F98DEB36083F7 967 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\180B715162E359CE5C75996E7F23E8775AB7E200 16663 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\F9BFBE815914E1616BB615DB6A54B2B38D1B46E8 29453 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\A4DA3BA154F6127A4415F4079F954176EC8DF0FB 2930 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\66E29B26237BB8AE4073A0106E796B88CEA8503A 5526 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\671066818B0886E299FB2EF56B806BF1EF70BDCC 2825 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\6729585C257AC3417AA743C37C087B96F7F6F7B2 24300 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\43940779C72C5C59A4FE40D927A371280A33280F 4645 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\695F222A7050E8BB63D680F09FE407114C6B0FFE 2825 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\75EEFF8ABCBEFD1DFC8E7EEE1567C58A2C3E72E2 3525 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\95632B006D62A4C7BABBEAAF970229B5330587B1 3497 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\327CFDF54EE14088CA42A0F5B9EEB94F2E7898C9 864 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\3285029E19F4D297DF3C6B37ED46B0B01313F5C0 44227 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B752FF5D32F811ECBCB50B4E73C521C08051BBC5 3510 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\C49DF5281CA5F76B52AC91592820C31176048406 31239 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\8E99FE32A0B7F85647DA7BB2E52F7D2FC012B5D5 2691 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\8465F91641ADDCF0028903422A56FAC17DB53500 7999 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\5C1554198B8BD3C2E8036F31C1FBD19BC6C79570 3441 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\93992A2F5CAD0BAE89E48C8FD4799E7A25B77383 14322 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\0B354A9E3CE9AA35BEFE19A149FF4637AE318F22 23215 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\33188BDD2A0CDEC4157BE00214BD9C7A35521088 3253 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\3329EF45D74EB721B913088831CB1663F4210664 3440 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\179001D794F74557A18B348B598F400ECB6DE573 4779 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\5FEB580B990A4F408CC07318BED4A32C2F9A093D 23353 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B8165EFAE88C7BE748D4F3B9DC49480A23FDB3BD 3105 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\12575B7AC253BC0E194106C648729DB0116137FC 3276 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\37FA8E7683954C1B00E1E52DC35E3E34ECFD0637 2845 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\386EB8E8B1C065F4B60328008520E9F76D457A61 3804 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\E993CF0A36C643F9986147BAE26FDBF3AFE3365B 864 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\FC480D49A1F515E851BD377DDD99F3471AA6CF2A 6428 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\FC481E425570D1A174C6141C805A08D15DB7CE19 3500 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\A6879E62EA9C1E22FF3FF044701A571CA03F49F2 3918 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\A69149838D66A7CDEA7B0F52403648AEA7DD13A1 59412 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\25BD23422411D7F32B13CF0FD244716A05142424 3497 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\AEFF478A58606D64FE6B0AC35F17A4005EA21FCC 3697 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\AF17BFCC80E9EBE055D571CFB12F4D4FF6DB0A56 4657 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\15A7A7B775323472088844D43B2B9026A1FE50A4 2721 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\AE631BE82881790E868996379AEC0C1BDB32C2A5 706368 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\E626188BE202903705F065B1054C987F9A533021 25587 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\ECA9F53DBA4830DEB3B04ECE1C777310D48D4EDC 13981 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\62FFC0FACFED2F1EA83B8834DCCE1B8D38DB34A9 3544 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\9DEE15DF613DAA98F9A4B099C323AC1B5F24F75F 432646 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\9E0F7CF3DC77BCE09A469C82FF6240413817CF39 2845 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B30D6CEDE0E8E2E7A6E4E55D6BD700CF50518D3C 3528 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\30089F4B23C06484B186EB0585DDDCD5756BD3EB 3436 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\30195663F031455775EB1AEAA14E7EA4AE7905C8 26514 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\22F97036054C26A6368A1A40D69449181B9DD05E 32090 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\635113CC788A47DC2677613A949E27DB11B00065 3002 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\63A20626412731CEB9A31AF15990D580F3FE8843 31334 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\A20B62B1BE4E2E6EEB749FAB618BD639981D8CC9 33775 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\E19C46D67BA6E9EA61391AC6E9001F847B132793 3205 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\79513BB62FD29A054868E80A7217D35B3DF53D4A 967 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\14022DDF3FD74717830B0D3DA618682C84157422 4789 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B55C15856111A7BAD97D915FA37E7976FDD6D76D 968 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\B59B4B6420FC7925BA0F594966C604AFF5A4257E 4692 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\4532CDDEE1EAB4317DF206C09E30E19A065C81BC 2721 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\45755CA1162DC165A4011170827B3E8CA2DE9603 967 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\41C1FC83FDA53E8C155198FF9B95D4983B5E80A6 3556 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\DFABB92963383C169A0EE9DE5A363421C2644A69 25017 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\85640A5B8B545B96341E2F39E9BF77EC10E48879 3547 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\AA012172DB30AB4648E31DE559CF27671C81F747 3428 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\AA08FFBBA93B1692090DAAA928A5B22596B8252D 4849 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\3A24DEC65C56757A9DAA4C94C911AE3A9A00B13F 15638 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\3A290B5AE499629E4A73578B2E20BD9AEDF956F8 2845 bytes File C:\Users\Gigi\AppData\Local\Mozilla\Firefox\Profiles\mdh53bp1.default\cache2\entries\C0A239CB0DBC594A65950D48E7BEBC01B5AA4D6B 83700 bytes ---- EOF - GMER 2.1 ----