GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-16 16:52:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HN-M500MBB rev.2AR10001 465,76GB Running: qzstplnt.exe; Driver: C:\Users\Damian\AppData\Local\Temp\pgddqpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003000000 76 bytes [F0, FF, FF, 48, 2B, EB, 48, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 606 fffff8000300004e 72 bytes {ADD [RBP+0x33], AL; ROR [RCX-0x3f], CL; CALL 0x54214c14} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000774b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5a2db0 5 bytes JMP 000007fffd590180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5a37d0 7 bytes JMP 000007fffd5900d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5a8ef0 6 bytes JMP 000007fffd590148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5baf60 5 bytes JMP 000007fffd590110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0f89e0 8 bytes JMP 000007fffd5901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0fbe40 8 bytes JMP 000007fffd5901b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd907490 11 bytes JMP 000007fffd590228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd91bf00 7 bytes JMP 000007fffd590260 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76] .text ... * 2 .text C:\Windows\system32\taskeng.exe[1824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5a2db0 5 bytes JMP 000007fffd590180 .text C:\Windows\system32\taskeng.exe[1824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5a37d0 7 bytes JMP 000007fffd5900d8 .text C:\Windows\system32\taskeng.exe[1824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5a8ef0 6 bytes JMP 000007fffd590148 .text C:\Windows\system32\taskeng.exe[1824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5baf60 5 bytes JMP 000007fffd590110 .text C:\Windows\system32\taskeng.exe[1824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0f89e0 8 bytes JMP 000007fffd5901f0 .text C:\Windows\system32\taskeng.exe[1824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0fbe40 8 bytes JMP 000007fffd5901b8 .text C:\Windows\system32\taskeng.exe[1824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd907490 11 bytes JMP 000007fffd590228 .text C:\Windows\system32\taskeng.exe[1824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd91bf00 7 bytes JMP 000007fffd590260 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a99b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b94d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000774b9640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774da500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5a2db0 5 bytes JMP 000007fffd590180 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5a37d0 7 bytes JMP 000007fffd5900d8 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5a8ef0 6 bytes JMP 000007fffd590148 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5baf60 5 bytes JMP 000007fffd590110 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0f89e0 8 bytes JMP 000007fffd5901f0 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0fbe40 8 bytes JMP 000007fffd5901b8 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd907490 11 bytes JMP 000007fffd590228 .text C:\Windows\System32\igfxpers.exe[2724] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd91bf00 7 bytes JMP 000007fffd590260 .text C:\Program Files\Microsoft Security Client\msseces.exe[1140] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5a2db0 5 bytes JMP 000007fffd590180 .text C:\Program Files\Microsoft Security Client\msseces.exe[1140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5a37d0 7 bytes JMP 000007fffd5900d8 .text C:\Program Files\Microsoft Security Client\msseces.exe[1140] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5a8ef0 6 bytes JMP 000007fffd590148 .text C:\Program Files\Microsoft Security Client\msseces.exe[1140] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5baf60 5 bytes JMP 000007fffd590110 .text C:\Program Files\Microsoft Security Client\msseces.exe[1140] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd907490 11 bytes JMP 000007fffd590228 .text C:\Program Files\Microsoft Security Client\msseces.exe[1140] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd91bf00 7 bytes JMP 000007fffd590260 .text C:\Program Files\Microsoft Security Client\msseces.exe[1140] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0f89e0 8 bytes JMP 000007fffd5901f0 .text C:\Program Files\Microsoft Security Client\msseces.exe[1140] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0fbe40 8 bytes JMP 000007fffd5901b8 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000774b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5a2db0 5 bytes JMP 000007fffd590180 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5a37d0 7 bytes JMP 000007fffd5900d8 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5a8ef0 6 bytes JMP 000007fffd590148 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5baf60 5 bytes JMP 000007fffd590110 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0f89e0 8 bytes JMP 000007fffd5901f0 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[1256] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0fbe40 8 bytes JMP 000007fffd5901b8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000764f8769 5 bytes [33, C0, C2, 04, 00] .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000765013e1 7 bytes JMP 000000017119128f .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007651b1d3 5 bytes JMP 000000017119159b .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765988b4 7 bytes JMP 0000000171191339 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076598939 5 bytes JMP 00000001711916b8 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076598c8f 5 bytes JMP 000000017119101e .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a91d1b 5 bytes JMP 00000001711911d1 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a91dc9 5 bytes JMP 0000000171191019 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a92aa4 5 bytes JMP 000000017119154b .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a92d0a 5 bytes JMP 0000000171191276 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e96b 5 bytes JMP 00000001711915b4 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625eba5 5 bytes JMP 000000017119119a .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f15ea5 5 bytes JMP 00000001711915e6 .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3392] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f49d0b 5 bytes JMP 000000017119122b .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000765013e1 7 bytes JMP 000000017119128f .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007651b1d3 5 bytes JMP 000000017119159b .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765988b4 7 bytes JMP 0000000171191339 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076598939 5 bytes JMP 00000001711916b8 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076598c8f 5 bytes JMP 000000017119101e .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a91d1b 5 bytes JMP 00000001711911d1 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a91dc9 5 bytes JMP 0000000171191019 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a92aa4 5 bytes JMP 000000017119154b .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a92d0a 5 bytes JMP 0000000171191276 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e96b 5 bytes JMP 00000001711915b4 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625eba5 5 bytes JMP 000000017119119a .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76] .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76] .text ... * 2 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f15ea5 5 bytes JMP 00000001711915e6 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1100] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f49d0b 5 bytes JMP 000000017119122b .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000765013e1 7 bytes JMP 000000017119128f .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007651b1d3 5 bytes JMP 000000017119159b .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765988b4 7 bytes JMP 0000000171191339 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076598939 5 bytes JMP 00000001711916b8 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076598c8f 5 bytes JMP 000000017119101e .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a91d1b 5 bytes JMP 00000001711911d1 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a91dc9 5 bytes JMP 0000000171191019 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a92aa4 5 bytes JMP 000000017119154b .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a92d0a 5 bytes JMP 0000000171191276 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e96b 5 bytes JMP 00000001711915b4 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625eba5 5 bytes JMP 000000017119119a .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76] .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76] .text ... * 2 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f15ea5 5 bytes JMP 00000001711915e6 .text C:\Users\Damian\AppData\Local\Akamai\netsession_win.exe[1932] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f49d0b 5 bytes JMP 000000017119122b .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000765013e1 7 bytes JMP 000000017119128f .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007651b1d3 5 bytes JMP 000000017119159b .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765988b4 7 bytes JMP 0000000171191339 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076598939 5 bytes JMP 00000001711916b8 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076598c8f 5 bytes JMP 000000017119101e .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a91d1b 5 bytes JMP 00000001711911d1 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a91dc9 5 bytes JMP 0000000171191019 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a92aa4 5 bytes JMP 000000017119154b .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a92d0a 5 bytes JMP 0000000171191276 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e96b 5 bytes JMP 00000001711915b4 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625eba5 5 bytes JMP 000000017119119a .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f15ea5 5 bytes JMP 00000001711915e6 .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f49d0b 5 bytes JMP 000000017119122b .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000763f1465 2 bytes [3F, 76] .text C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe[1396] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000763f14bb 2 bytes [3F, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000765013e1 7 bytes JMP 000000017119128f .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007651b1d3 5 bytes JMP 000000017119159b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765988b4 7 bytes JMP 0000000171191339 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076598939 5 bytes JMP 00000001711916b8 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076598c8f 5 bytes JMP 000000017119101e .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a91d1b 5 bytes JMP 00000001711911d1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a91dc9 5 bytes JMP 0000000171191019 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a92aa4 5 bytes JMP 000000017119154b .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a92d0a 5 bytes JMP 0000000171191276 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e96b 5 bytes JMP 00000001711915b4 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625eba5 5 bytes JMP 000000017119119a .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f15ea5 5 bytes JMP 00000001711915e6 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3572] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f49d0b 5 bytes JMP 000000017119122b .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007747efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774a99b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774b94d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000774b9640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000774da500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5a2db0 5 bytes JMP 000007fffd590180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5a37d0 7 bytes JMP 000007fffd5900d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5a8ef0 6 bytes JMP 000007fffd590148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5baf60 5 bytes JMP 000007fffd590110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0f89e0 8 bytes JMP 000007fffd5901f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3260] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0fbe40 8 bytes JMP 000007fffd5901b8 .text C:\Windows\system32\wuauclt.exe[1084] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd5a2db0 5 bytes JMP 000007fffd590180 .text C:\Windows\system32\wuauclt.exe[1084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd5a37d0 7 bytes JMP 000007fffd5900d8 .text C:\Windows\system32\wuauclt.exe[1084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd5a8ef0 6 bytes JMP 000007fffd590148 .text C:\Windows\system32\wuauclt.exe[1084] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd5baf60 5 bytes JMP 000007fffd590110 .text C:\Windows\system32\wuauclt.exe[1084] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd907490 11 bytes JMP 000007fffd590228 .text C:\Windows\system32\wuauclt.exe[1084] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd91bf00 7 bytes JMP 000007fffd590260 .text C:\Windows\system32\wuauclt.exe[1084] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007feff0f89e0 8 bytes JMP 000007fffd5901f0 .text C:\Windows\system32\wuauclt.exe[1084] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007feff0fbe40 8 bytes JMP 000007fffd5901b8 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[4524] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000765013e1 7 bytes JMP 000000017119128f .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[4524] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007651b1d3 5 bytes JMP 000000017119159b .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[4524] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765988b4 7 bytes JMP 0000000171191339 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[4524] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076598939 5 bytes JMP 00000001711916b8 .text C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[4524] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076598c8f 5 bytes JMP 000000017119101e .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000765013e1 7 bytes JMP 000000017119128f .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007651b1d3 5 bytes JMP 000000017119159b .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000765988b4 7 bytes JMP 0000000171191339 .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076598939 5 bytes JMP 00000001711916b8 .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076598c8f 5 bytes JMP 000000017119101e .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076a91d1b 5 bytes JMP 00000001711911d1 .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076a91dc9 5 bytes JMP 0000000171191019 .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076a92aa4 5 bytes JMP 000000017119154b .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076a92d0a 5 bytes JMP 0000000171191276 .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007625e96b 5 bytes JMP 00000001711915b4 .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007625eba5 5 bytes JMP 000000017119119a .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076f15ea5 5 bytes JMP 00000001711915e6 .text C:\Users\Damian\Desktop\qzstplnt.exe[5524] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076f49d0b 5 bytes JMP 000000017119122b ---- Processes - GMER 2.1 ---- Process C:\ProgramData\rvlkl\rvlkl.exe (*** suspicious ***) @ C:\ProgramData\rvlkl\rvlkl.exe [3340](2013-12-30 16:09:11) 000000013f770000 Library C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3488] (GG drive overlay/GG Network S.A.)(2013-11-17 17:05:23) 000000005c080000 Library C:\Users\Damian\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [3488] (GG drive menu/GG Network S.A.)(2 000000005ff80000 Library C:\Users\Damian\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [1396](2014-01-03 00:45:04) 0000000004110000 Library C:\Users\Damian\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [1396](2013-10-18 23:55:02) 0000000005fa0000 Library C:\Users\Damian\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Damian\AppData\Roaming\Dropbox\bin\Dropbox.exe [1396] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000073dd0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9BFAFF20-DE1B-45B4-93EB-6C2FFBB35508}\Connection@Name isatap.{26695A10-E336-4926-BFC5-A157DDCFF9CC} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{3FBABE9C-A8D6-4026-B76A-11BF9ACF4826}?\Device\{9BFAFF20-DE1B-45B4-93EB-6C2FFBB35508}?\Device\{585E85BF-EE28-42AE-8460-F2C5C9D77792}?\Device\{D861287F-7449-46D1-86C4-0579CD14C80F}?\Device\{33318110-4B69-41A8-9A9C-8F3BB0DE5FCC}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{3FBABE9C-A8D6-4026-B76A-11BF9ACF4826}"?"{9BFAFF20-DE1B-45B4-93EB-6C2FFBB35508}"?"{585E85BF-EE28-42AE-8460-F2C5C9D77792}"?"{D861287F-7449-46D1-86C4-0579CD14C80F}"?"{33318110-4B69-41A8-9A9C-8F3BB0DE5FCC}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{3FBABE9C-A8D6-4026-B76A-11BF9ACF4826}?\Device\TCPIP6TUNNEL_{9BFAFF20-DE1B-45B4-93EB-6C2FFBB35508}?\Device\TCPIP6TUNNEL_{585E85BF-EE28-42AE-8460-F2C5C9D77792}?\Device\TCPIP6TUNNEL_{D861287F-7449-46D1-86C4-0579CD14C80F}?\Device\TCPIP6TUNNEL_{33318110-4B69-41A8-9A9C-8F3BB0DE5FCC}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca9712e8613 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{9BFAFF20-DE1B-45B4-93EB-6C2FFBB35508}@InterfaceName isatap.{26695A10-E336-4926-BFC5-A157DDCFF9CC} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{9BFAFF20-DE1B-45B4-93EB-6C2FFBB35508}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca9712e8613 (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9db 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9dc 704512 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9dd 237568 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07ea01 241664 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07ea02 1179648 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9ed 1179648 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9ee 241664 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9f0 241664 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9f1 1179648 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9f4 1179648 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9ec 241664 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07e9f5 241664 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07ea05 1179648 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a8 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a9 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6aa 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ab 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ac 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ad 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ae 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6af 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b0 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b1 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b2 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b3 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b4 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b5 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b6 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b7 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b8 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6b9 29423 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ba 21458 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e4 29603 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e5 32359 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e6 24064 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e8 40751 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e9 85682 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ea 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6eb 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ee 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6f3 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6f4 22793 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6f5 35497 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6f6 21873 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f677 54827 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f678 25976 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f679 29053 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f67a 21544 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f67b 36054 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f67c 20582 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f67d 25976 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f67e 17444 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f680 20245 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f681 20115 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f682 31441 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f683 34388 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f684 29821 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f685 36904 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f686 120481 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f687 55385 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f688 25538 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f689 19415 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f68a 34445 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f68b 18582 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f68c 60880 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f68d 18091 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f68e 26745 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f68f 19807 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f690 24967 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f691 62889 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f692 31828 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f694 25303 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f695 18260 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f696 17898 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f697 36432 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f698 21587 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f699 27485 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f69a 24329 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f69b 31889 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f69c 37229 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f69d 37153 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f69e 32795 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f69f 66600 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a0 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a1 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a2 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a3 142237 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a4 20382 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a5 34787 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a6 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6bc 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6bd 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6be 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6bf 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c0 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c1 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c2 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c3 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c4 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c5 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c6 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c7 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c8 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6c9 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ca 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6cb 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6cc 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6cd 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ce 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6d0 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6d1 19709 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6d2 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6d3 26866 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6d4 112137 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6d5 59607 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6d8 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6d9 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6da 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6db 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6dd 29915 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6de 27204 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6df 24896 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e0 29915 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e1 27587 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e2 22560 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6fc 59476 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6fd 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6fe 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6ff 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f700 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f701 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f702 57720 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f703 32556 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f704 45956 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f705 40393 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f706 38951 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f707 74751 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f708 35656 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f709 21423 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f70a 20753 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f70e 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f714 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f715 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f716 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f717 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f718 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f719 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f71a 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f71b 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f71c 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f71d 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f71e 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f67f 111332 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f693 39339 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6a7 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6bb 27440 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6cf 26866 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6e3 37282 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f6f7 82498 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f70b 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f71f 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f720 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f721 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f722 0 bytes File C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Cache\f_07f723 0 bytes ---- EOF - GMER 2.1 ----