GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-31 01:34:53 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 GOODRAM_C40 rev.S9FM01.8 111,79GB Running: v4nx15x1.exe; Driver: C:\Users\mateusz\AppData\Local\Temp\pgliikog.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\taskhost.exe[1724] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 000000007720d851 4 bytes {JMP 0xffffffffffee36fe} .text C:\Windows\system32\taskhost.exe[1724] C:\Windows\system32\kernel32.dll!FreeLibrary + 27 0000000077215acb 5 bytes JMP 00000000770f0f0e .text C:\Windows\system32\taskhost.exe[1724] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000077215ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Windows\system32\taskhost.exe[1724] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077216410 5 bytes JMP 00000000770f0f93 .text C:\Windows\system32\taskhost.exe[1724] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077216500 5 bytes JMP 00000000770f0fd3 .text C:\Windows\system32\taskhost.exe[1724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd16a8c0 5 bytes JMP 000007fefd0c0fd4 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 000000007720d851 4 bytes {JMP 0xffffffffffee36fe} .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\system32\kernel32.dll!FreeLibrary + 27 0000000077215acb 5 bytes JMP 00000000770f0f0e .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000077215ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077216410 5 bytes JMP 00000000770f0f93 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077216500 5 bytes JMP 00000000770f0fd3 .text C:\Windows\system32\Dwm.exe[1820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd16a8c0 5 bytes JMP 000007fefd110fd4 .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1072] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 0000000075dc48db 6 bytes JMP 000000005c538360 .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1072] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 0000000075dc48f3 6 bytes JMP 000000005c5382d0 .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1072] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000075dc4925 6 bytes JMP 000000005c5383f0 .text C:\Program Files (x86)\MSI\Gaming APP\OSD\x86\MsiGamingOSD_x86.exe[1072] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000075dc499f 6 bytes JMP 000000005c538240 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000075dc3f1c 13 bytes JMP 000000006830ff50 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075dc48db 6 bytes JMP 000000005c538360 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075dc48f3 6 bytes JMP 000000005c5382d0 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075dc4925 6 bytes JMP 000000005c5383f0 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075dc499f 6 bytes JMP 000000005c538240 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ce2abf 6 bytes JMP 000000005c538480 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075ba8e5e 5 bytes JMP 000000006830fdb0 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075bb0e0b 5 bytes JMP 000000006830fc10 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\USER32.dll!SetFocus 0000000075bb2185 5 bytes JMP 000000006830fcf0 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\USER32.dll!SetActiveWindow 0000000075bb3218 5 bytes JMP 000000006830fe90 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075bb7b4b 13 bytes JMP 000000006830f9a0 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000075bcf190 13 bytes JMP 000000006830f8d0 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 0000000075be912c 13 bytes JMP 000000006830fa70 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 0000000075c07e5f 5 bytes JMP 000000006830fb30 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\ole32.dll!DoDragDrop 00000000754da93f 13 bytes JMP 000000006830f800 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075731401 2 bytes JMP 75deb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075731419 2 bytes JMP 75deb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075731431 2 bytes JMP 75e690f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007573144a 2 bytes CALL 75dc48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757314dd 2 bytes JMP 75e689ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757314f5 2 bytes JMP 75e68bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007573150d 2 bytes JMP 75e688e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075731525 2 bytes JMP 75e68caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007573153d 2 bytes JMP 75ddfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075731555 2 bytes JMP 75de6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007573156d 2 bytes JMP 75e691a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075731585 2 bytes JMP 75e68d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007573159d 2 bytes JMP 75e688a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757315b5 2 bytes JMP 75ddfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757315cd 2 bytes JMP 75deb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757316b2 2 bytes JMP 75e6906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[2304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757316bd 2 bytes JMP 75e68839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe[2460] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 0000000075dc48db 6 bytes JMP 000000005c538360 .text C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe[2460] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 0000000075dc48f3 6 bytes JMP 000000005c5382d0 .text C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe[2460] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000075dc4925 6 bytes JMP 000000005c5383f0 .text C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe[2460] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000075dc499f 6 bytes JMP 000000005c538240 .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2516] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 000000007720d851 4 bytes {JMP 0xffffffffffed36fe} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2516] C:\Windows\system32\kernel32.dll!FreeLibrary + 27 0000000077215acb 5 bytes JMP 00000000770f0f0e .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2516] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000077215ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2516] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077216410 5 bytes JMP 00000000770e0f8e .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2516] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077216500 5 bytes JMP 00000000770e0fce .text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[2516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd16a8c0 5 bytes JMP 000007fefd100fce .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075dc48db 6 bytes JMP 000000005c538360 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075dc48f3 6 bytes JMP 000000005c5382d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075dc4925 6 bytes JMP 000000005c5383f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075dc499f 6 bytes JMP 000000005c538240 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ce2abf 6 bytes JMP 000000005c538480 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075731401 2 bytes JMP 75deb263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075731419 2 bytes JMP 75deb38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075731431 2 bytes JMP 75e690f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007573144a 2 bytes CALL 75dc48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757314dd 2 bytes JMP 75e689ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757314f5 2 bytes JMP 75e68bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007573150d 2 bytes JMP 75e688e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075731525 2 bytes JMP 75e68caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007573153d 2 bytes JMP 75ddfce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075731555 2 bytes JMP 75de6937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007573156d 2 bytes JMP 75e691a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075731585 2 bytes JMP 75e68d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007573159d 2 bytes JMP 75e688a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757315b5 2 bytes JMP 75ddfd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757315cd 2 bytes JMP 75deb324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757316b2 2 bytes JMP 75e6906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757316bd 2 bytes JMP 75e68839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 000000007720d851 4 bytes {JMP 0xffffffffffee36fe} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!FreeLibrary + 27 0000000077215acb 5 bytes JMP 00000000770f0f0e .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000077215ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077216410 5 bytes JMP 00000000770f0f93 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3208] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077216500 5 bytes JMP 00000000770f0fd3 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[4560] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075dc48db 5 bytes JMP 000000005c538360 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[4560] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075dc48f3 5 bytes JMP 000000005c5382d0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[4560] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075dc4925 5 bytes JMP 000000005c5383f0 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[4560] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075dc499f 5 bytes JMP 000000005c538240 .text C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe[4560] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ce2abf 5 bytes JMP 000000005c538480 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075dc48db 5 bytes JMP 000000005c538360 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075dc48f3 5 bytes JMP 000000005c5382d0 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075dc4925 5 bytes JMP 000000005c5383f0 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075dc499f 5 bytes JMP 000000005c538240 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ce2abf 5 bytes JMP 000000005c538480 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075731401 2 bytes JMP 75deb263 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075731419 2 bytes JMP 75deb38e C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075731431 2 bytes JMP 75e690f1 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007573144a 2 bytes CALL 75dc48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757314dd 2 bytes JMP 75e689ea C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757314f5 2 bytes JMP 75e68bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007573150d 2 bytes JMP 75e688e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075731525 2 bytes JMP 75e68caa C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007573153d 2 bytes JMP 75ddfce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075731555 2 bytes JMP 75de6937 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007573156d 2 bytes JMP 75e691a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075731585 2 bytes JMP 75e68d0a C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007573159d 2 bytes JMP 75e688a4 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757315b5 2 bytes JMP 75ddfd81 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757315cd 2 bytes JMP 75deb324 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757316b2 2 bytes JMP 75e6906c C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757316bd 2 bytes JMP 75e68839 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007751f9b1 7 bytes {MOV EDX, 0x71a2e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007751fa2d 7 bytes {MOV EDX, 0x71a1a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007751fb45 7 bytes {MOV EDX, 0x71a168; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007751fbf5 7 bytes {MOV EDX, 0x71a328; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007751fc25 7 bytes {MOV EDX, 0x71a268; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007751fc3d 7 bytes {MOV EDX, 0x71a128; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007751fc55 7 bytes {MOV EDX, 0x71a3e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007751fc85 7 bytes {MOV EDX, 0x71a428; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007751fd05 7 bytes {MOV EDX, 0x71a3a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007751fd1d 7 bytes {MOV EDX, 0x71a368; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007751fd69 7 bytes {MOV EDX, 0x71a068; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007751fe61 7 bytes {MOV EDX, 0x71a0a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000775200b9 7 bytes {MOV EDX, 0x71a028; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 000000007752101d 7 bytes {MOV EDX, 0x71a1e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000775210c5 7 bytes {MOV EDX, 0x71a2a8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007752113d 7 bytes {MOV EDX, 0x71a228; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077521341 7 bytes {MOV EDX, 0x71a0e8; JMP RDX} .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075731401 2 bytes JMP 75deb263 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075731419 2 bytes JMP 75deb38e C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075731431 2 bytes JMP 75e690f1 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007573144a 2 bytes CALL 75dc48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757314dd 2 bytes JMP 75e689ea C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757314f5 2 bytes JMP 75e68bc0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007573150d 2 bytes JMP 75e688e0 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075731525 2 bytes JMP 75e68caa C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007573153d 2 bytes JMP 75ddfce8 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075731555 2 bytes JMP 75de6937 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007573156d 2 bytes JMP 75e691a9 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075731585 2 bytes JMP 75e68d0a C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007573159d 2 bytes JMP 75e688a4 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757315b5 2 bytes JMP 75ddfd81 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757315cd 2 bytes JMP 75deb324 C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757316b2 2 bytes JMP 75e6906c C:\Windows\syswow64\kernel32.dll .text F:\steam\bin\cef\cef.win7\steamwebhelper.exe[7244] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757316bd 2 bytes JMP 75e68839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[8392] C:\Windows\system32\kernel32.dll!LoadLibraryExA + 1 000000007720d851 4 bytes {JMP 0xffffffffffed36fe} .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[8392] C:\Windows\system32\kernel32.dll!FreeLibrary + 27 0000000077215acb 5 bytes JMP 00000000770f0f0e .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[8392] C:\Windows\system32\kernel32.dll!LoadLibraryExW + 1 0000000077215ad1 1 byte {JMP 0xfffffffffffffffb} .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[8392] C:\Windows\system32\kernel32.dll!LoadLibraryW 0000000077216410 5 bytes JMP 00000000770e0f8e .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[8392] C:\Windows\system32\kernel32.dll!LoadLibraryA 0000000077216500 5 bytes JMP 00000000770e0fce .text C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe[8392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd16a8c0 5 bytes JMP 000007fefd140fce .text C:\Users\mateusz\Downloads\v4nx15x1.exe[8008] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075dc48db 5 bytes JMP 000000005c538360 .text C:\Users\mateusz\Downloads\v4nx15x1.exe[8008] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075dc48f3 5 bytes JMP 000000005c5382d0 .text C:\Users\mateusz\Downloads\v4nx15x1.exe[8008] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075dc4925 5 bytes JMP 000000005c5383f0 .text C:\Users\mateusz\Downloads\v4nx15x1.exe[8008] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075dc499f 5 bytes JMP 000000005c538240 .text C:\Users\mateusz\Downloads\v4nx15x1.exe[8008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075ce2abf 5 bytes JMP 000000005c538480 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegCreateKeyExW] [7fef0e5b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegDeleteValueW] [7fef0e5bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fef0e5b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegSetValueExW] [7fef0e5baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msiexec.exe[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileW] [7fef0e5a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegOpenKeyExW] [7fef0e5b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegCreateKeyExW] [7fef0e5b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!RegSetValueExW] [7fef0e5baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CopyFileW] [7fef0e5a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!SetFileSecurityW] [7fef0e5bcb0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef0e5b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExA] [7fef0e5ba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef0e5b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteValueW] [7fef0e5bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegDeleteKeyW] [7fef0e5d12c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[ADVAPI32.dll!RegSetValueExW] [7fef0e5baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[KERNEL32.dll!SetFileAttributesW] [7fef0e5abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[KERNEL32.dll!MoveFileW] [7fef0e5a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msi.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!CopyFileW] [7fef0e5a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!MoveFileW] [7fef0e5a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef0e5abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!SetFileAttributesA] [7fef0e5ab7c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateFileA] [7fef0e5a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!SetFileAttributesW] [7fef0e5abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fef0e5a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\sfc_os.DLL[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!PrivCopyFileExW] [7fef0e5ab04] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\USERENV.dll[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!OpenFile] [7fef0e5a890] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\COMCTL32.DLL[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegDeleteValueW] [7fef0e5bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegCreateKeyExW] [7fef0e5b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegSetValueExW] [7fef0e5baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[ADVAPI32.dll!RegOpenKeyExW] [7fef0e5b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!SetFileAttributesW] [7fef0e5abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!MoveFileW] [7fef0e5a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!_lwrite] [7fef0e5aa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!CreateFileA] [7fef0e5a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegCreateKeyExA] [7fef0e5b3dc] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!RegSetValueExA] [7fef0e5ba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lcreat] [7fef0e5a9a0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lopen] [7fef0e5a924] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!_lwrite] [7fef0e5aa1c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileA] [7fef0e5a580] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\VERSION.DLL[KERNEL32.dll!MoveFileW] [7fef0e5a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ncrypt.dll[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegSetValueExW] [7fef0e5baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef0e5b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ntmarta.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef0e5b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CopyFileW] [7fef0e5a184] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileA] [7fef0e5a2d8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegSetValueExW] [7fef0e5baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegDeleteValueW] [7fef0e5bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegCreateKeyExW] [7fef0e5b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!RegOpenKeyExW] [7fef0e5b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!MoveFileW] [7fef0e5a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!SetFileAttributesW] [7fef0e5abe0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegCreateKeyExW] [7fef0e5b4f4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegOpenKeyExW] [7fef0e5b6d0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegSetValueExW] [7fef0e5baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CFGMGR32.dll[ADVAPI32.dll!RegDeleteValueW] [7fef0e5bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileW] [7fef0e5a6e0] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\DEVRTL.dll[KERNEL32.dll!MoveFileExW] [7fef0e5a804] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegDeleteValueA] [7fef0e5bb44] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegSetValueExA] [7fef0e5ba0c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!DeleteFileW] [7fef0e5a5e4] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!CreateFileW] [7fef0e5a42c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegOpenKeyExA] [7fef0e5b60c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegDeleteValueW] [7fef0e5bbc8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!RegSetValueExW] [7fef0e5baa8] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msiltcfg.dll[KERNEL32.dll!GetProcAddress] [7fefcf04230] C:\Windows\system32\apphelp.dll IAT C:\Windows\system32\msiexec.exe[4332] @ C:\Windows\system32\msiltcfg.dll[ADVAPI32.dll!AccessCheck] [7fef0e5a08c] C:\Windows\AppPatch\AppPatch64\AcGenral.DLL ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [828:6004] 000007fee2d88470 Thread C:\Windows\system32\svchost.exe [828:6008] 000007fee2d92418 Thread C:\Windows\system32\svchost.exe [828:4292] 000007fee380f130 Thread C:\Windows\system32\svchost.exe [828:4492] 000007fee3804734 Thread C:\Windows\system32\svchost.exe [828:7132] 000007fee3804734 Thread C:\Windows\sysWOW64\wbem\wmiprvse.exe [4696:4752] 000000005c061070 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5420:6128] 000007fefb302af8 Thread C:\Windows\System32\svchost.exe [1500:5728] 000007fee0899688 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\F04AAD3AFC640626A391DD9637B39A00636F4E35 1386 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\1F480116DBE6C4A80B1020B91AC4455AA41C724E 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\BA5783BB7C80CDE874DC56F9093575117B7768A8 3901 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\174A036201FCE5CC13BC5A810BCB73A92A3F1209 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\F8254C2784AF0B399A58297AB099E8D971DB0E8E 4858 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\380D7329CE7420254A5C4A04988618853C0B769D 1733 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\91009F50B3B20E2762F08D21A32F9FD717BC5819 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\26D2B8B0C655F7EA02F8D189F7E872809642D84D 2977 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\C6FA04EE7CA6895356B82F116A4B7C769ABF8492 18234 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\64A07FD7E81721B9F53E3998421879AC3B3E1026 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\2EB2349452A0EC7E3229590618B1FB8F316CF354 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\62FEFAFBF22B946FB15E0BC0FC013E46A7A2A216 3635 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\F67FF21BD2A4A30FB74BA559BC6891ACF9E85CBC 2598 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\4FE778D5E71EB9C5235A639C238B5E1C6870FF6E 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\248D9A2BC176A28A7349D8FC74834D3A4A35847A 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\DD0C195EA1DBF269832549E3105F37DA76DB2485 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\43AE38E9D0F2C490C24A2BAAA4B9482996392918 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\0928E7AF8DD6A1C6A64F3ACFB552CB2F2398A858 4781 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\400C8F87D1F6C096EA2CA2D5FF4593C17EC314FB 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\FE37604B1C565361BDEE39E4C7797416AA57C426 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\031F0CA82DBA220C4CEBDB975211DB52EE244227 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\700ECD9D7E1108A1759D361FC98E6CD1EEEE216E 8710 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\ED642C7E697EB28813D6D274C25E23E98FD410D4 1309 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\DE2AB9064F6ABC2F38D491FFA9799DE0670807F0 35630 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\55895323D31FF74D34B0FE73B1C39744FE9FDBB3 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\ABAA6F5F4A0DD6AD4E107763A6D6D76C2148FD46 1425 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\FC88E0BBE89FD6549443CEA27471314A55B2D6C1 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\85C70A91CB3E223023E985ADE88D1D43E070892C 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\04061E76868CDCD3386F6427997FB8F9CAA804C3 2132278 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\232C4E1527D795239AE7B6DC5C486352C79EC5F2 0 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\9B15538C98F720296F23ECD57F7DD76800CC66AF 1975 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\8FC5F20D9F44F394109C7E8DA896974AEAA06914 2458 bytes File C:\Users\mateusz\AppData\Local\Mozilla\Firefox\Profiles\g52mj76t.default\cache2\entries\C85B87A6F52BAC0D9394F45BB32C5C63932C0996 653 bytes ---- EOF - GMER 2.2 ----