GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-05 14:33:24 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 SanDisk_SDSSDHII240G rev.X31200RL 223,57GB Running: uko7rt9y.exe; Driver: C:\Users\Kris\AppData\Local\Temp\fwryipob.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600010d300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff9600010d310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...] ---- User code sections - GMER 2.2 ---- .text C:\Program Files\CCleaner\CCleaner64.exe[5652] C:\Windows\system32\USER32.dll!ShowScrollBar 00007ffb334b1150 5 bytes JMP 00007ffab3520018 .text C:\Program Files\CCleaner\CCleaner64.exe[5652] C:\Windows\system32\USER32.dll!SetScrollInfo 00007ffb334bc770 5 bytes JMP 00007ffab34d0018 .text C:\Program Files\CCleaner\CCleaner64.exe[5652] C:\Windows\system32\USER32.dll!GetScrollInfo 00007ffb334c66f0 5 bytes JMP 00007ffab34e0018 .text C:\Program Files\CCleaner\CCleaner64.exe[5652] C:\Windows\system32\USER32.dll!SetScrollRange 00007ffb334c90c0 5 bytes JMP 00007ffab34f0018 .text C:\Program Files\CCleaner\CCleaner64.exe[5652] C:\Windows\system32\USER32.dll!SetScrollPos 00007ffb334e50d0 5 bytes JMP 00007ffab3560018 .text C:\Program Files\CCleaner\CCleaner64.exe[5652] C:\Windows\system32\USER32.dll!EnableScrollBar 00007ffb334e7340 5 bytes JMP 00007ffab3500018 .text C:\Program Files\CCleaner\CCleaner64.exe[5652] C:\Windows\system32\USER32.dll!GetScrollPos 00007ffb334efcc0 5 bytes JMP 00007ffab3510018 .text C:\Program Files\CCleaner\CCleaner64.exe[5652] C:\Windows\system32\USER32.dll!GetScrollRange 00007ffb3353ed20 5 bytes JMP 00007ffab3550018 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ 
C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffb33fb002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffafd55e570] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3536] @ 
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffb33fb002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffafd55e570] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\chrome_child.dll IAT 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5672] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6308] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffafd55e570] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6308] @ C:\Users\Kris\AppData\Local\Google\Chrome\User Data\PepperFlash\25.0.0.148\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [7ffb33df002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffb33fb002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\USER32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ 
C:\Windows\system32\ole32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\ole32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffafd55e570] C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffb33fb006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffb3363002c] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [596:620] fffff9600084a2d0 Thread C:\Windows\system32\svchost.exe [992:2072] 0000007b99600c8c Thread C:\Windows\system32\svchost.exe [992:2080] 0000007b99600c8c Thread C:\Windows\system32\svchost.exe [992:2084] 0000007b99600c8c Thread C:\Windows\system32\svchost.exe [992:2744] 0000007b995f7378 Thread C:\Windows\system32\svchost.exe [992:2748] 0000007b995f7378 Thread C:\Windows\SysWOW64\svchost.exe [708:5764] 00000000034e2acf Thread C:\Windows\SysWOW64\svchost.exe [708:1764] 00000000034e2acf Thread C:\Windows\SysWOW64\svchost.exe [708:4776] 00000000034e2acf Thread C:\Windows\SysWOW64\svchost.exe [708:3412] 00000000034e2acf Thread C:\Windows\SysWOW64\svchost.exe [708:2304] 00000000034e2acf ---- Services - GMER 2.2 
---- Service C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe (*** hidden *** ) [AUTO] FirefoxU <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x4E 0xFC 0x43 0xDD ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xAB 0x01 0x8E 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xEA 0x5D 0x46 0xDD ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x03 0x81 0x90 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 157 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD04560_00_07DE_85^DDDA5AD2D3CEA1958A26B66C52A258E9@Timestamp 0xA4 0x57 0x3D 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 664 Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 368 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\Kris\AppData\Local\Temp\FFA8.tmp??\??\C:\Users\Kris\AppData\Local\Temp\GoogleUpdate.exe230cc7??\??\C:\Users\Kris\AppData\Local\Temp\goopdate.dll230cf6?? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900138 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 974797736 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 161 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 503589139 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 6122 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 6111 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID e5b6dd8a-5d51-4a76-bfe3-dcf5bbb Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\a08869bc7f7c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\bc8556676006 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e3554b851 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e3554b851@a0e45309363f 0xB3 0x33 0x7A 0xD7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e3554b851@b4527da702d2 0xCD 0x06 0x2C 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e3554b851@08df1fa4fffa 0x40 0x38 0x09 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e3554b851@b0c559144788 0xB1 0xD9 0x1F 0xB7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e3554b851@38a4edd25563 0xC7 0xC9 0xDC 0xEC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d07e3554b851@1c56fe1b0a5a 0xE4 0x21 0x87 0x2D ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{6f203e3c-f4d3-49bb-b7ac-a9143aebd9e6}@LastProbeTime 1493989844 Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@Type 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@ImagePath "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@DisplayName Update Service(FirefoxU) Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@DependOnService RpcSs? Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@Description Keeps your Firefox software up to date. If this service is disabled or stopped, your Firefox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Firefox software using it. Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@DelayedAutostart 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU@FailureActions 0x3C 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\FirefoxU Reg HKLM\SYSTEM\CurrentControlSet\Services\LUMDriver\Parameters@I4TIME 1493984803 Reg HKLM\SYSTEM\CurrentControlSet\Services\NcbService\NCB\KapiNlmCache\124@Timestamp 0xDA 0xB4 0xC1 0x0C ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 24780 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 9796 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{9FAA1368-858F-479D-955C-F7DF0FA4FACA} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\pandasecuritytb\dtUser.exe|Name=Panda Security Toolbar DTX Broker| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{51996BD6-3B62-495B-B04C-F1FDE3D0112C} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\pandasecuritytb\dtUser.exe|Name=Panda Security Toolbar DTX Broker| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{25E0BB87-83F1-4D45-837C-F4100B735B0B} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Toolbar Cleaner\ToolbarCleaner.exe|Name=ToolbarCleaner| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{EC0C6A43-660F-4C09-BD3F-9E4F555A5BDA} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Toolbar Cleaner\ToolbarCleaner.exe|Name=ToolbarCleaner| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{60B43A86-FD27-4F36-886D-73FB113B3D42} v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{61769489-09AF-4E13-886E-8C2F559966BA} v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 160 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE5AECCF-85E1-4B25-A32E-E41D20B83304}@LeaseObtainedTime 1493982641 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE5AECCF-85E1-4B25-A32E-E41D20B83304}@T1 1494112241 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE5AECCF-85E1-4B25-A32E-E41D20B83304}@T2 1494209441 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE5AECCF-85E1-4B25-A32E-E41D20B83304}@LeaseTerminatesTime 1494241841 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog 0xB5 0x1C 0x01 0xEF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 132 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges 55
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@0 0x6C 0x00 0x69 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore@Count 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore@Blocked 14
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 18
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017042420170501
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017042420170501@CachePrefix :2017042420170501:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017042420170501@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017042420170501
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017042420170501@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017042420170501@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017042420170501@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050220170503
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050220170503@CachePrefix :2017050220170503:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050220170503@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017050220170503
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050220170503@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050220170503@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050220170503@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050520170506
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050520170506@CachePrefix :2017050520170506:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050520170506@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017050520170506
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050520170506@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050520170506@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017050520170506@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xCB 0x70 0xE3 0x38 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xCB 0x70 0xE3 0x38 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 335
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xCB 0x70 0xE3 0x38 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 82325
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xCB 0x70 0xE3 0x38 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63629578136947%3bID%3dE3C8F45D80281592!107%3bLR%3d63629579469207%3bEP%3d15%3bSI%3d14%3bSO%3d0%3bPI%3d49
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0x93 0x8E 0x0C 0x2E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x85 0xD9 0x87 0x3E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate 0xD2 0xB7 0x71 0xE4 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 8
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@8 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices\Redmi.lnk?C:\Program Files (x86)\Intel\Bluetooth\btmsrvview.exe?38:A4:ED:D2:55:63?
Reg HKCU\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\http\UserChoice@Hash oK7Yh+Xd/MU=
Reg HKCU\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\http\UserChoice@ProgId ChromeHTML
Reg HKCU\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\https\UserChoice@Hash AXAaUUKa9kY=
Reg HKCU\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\https\UserChoice@ProgId ChromeHTML
Reg HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice@Hash kydUCEymgIM=
Reg HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice@ProgId ChromeHTML
Reg HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice@Hash Cvzk7CvsAcw=
Reg HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice@ProgId ChromeHTML

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----