GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-26 01:54:10 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 WDC_WD5003AZEX-00K1GA0 rev.80.00A80 465,76GB Running: rmq2tm48.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pxldrpoc.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0E2B12AD-B677-4207-A639-776F62C6F5B3}\Connection@Name isatap.home Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 179036497 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0E2B12AD-B677-4207-A639-776F62C6F5B3}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0E2B12AD-B677-4207-A639-776F62C6F5B3}@DefunctTimestamp 0x7A 0xBB 0x38 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 10704 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 5460 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2EBC2FE4-6F88-40F7-8CEC-5858082DE03E}@LeaseObtainedTime 1480116627 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2EBC2FE4-6F88-40F7-8CEC-5858082DE03E}@T1 1480118427 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2EBC2FE4-6F88-40F7-8CEC-5858082DE03E}@T2 1480119777 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2EBC2FE4-6F88-40F7-8CEC-5858082DE03E}@LeaseTerminatesTime 1480120227 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File1 C:\Users\Admin\Desktop\asfffffffffffffffffffff.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File2 C:\Users\Admin\Desktop\saddddddddddddddddddddddddddd.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File3 C:\Users\Admin\Desktop\safas.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File4 C:\Users\Admin\Desktop\asdasd.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File5 C:\Users\Admin\Desktop\Tara asleh gable.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File6 C:\Users\Admin\Desktop\89 ?wiat8.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File7 C:\Users\Admin\Desktop\qwr.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File8 C:\Users\Admin\Desktop\fassssss.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List@File9 C:\Users\Admin\Desktop\2048 best.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List@File1 C:\Users\Admin\Downloads\UWAGA (1).docx Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List@File2 C:\Users\Admin\Downloads\UWAGA.docx Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU@1 0x6E 0x00 0x6F 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU@2 0x6D 0x00 0x73 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU@0 0x63 0x00 0x68 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder@MRUListEx 0x01 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder@0 0x43 0x00 0x3A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder@1 0x43 0x00 0x3A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU@1 0x6E 0x00 0x6F 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU@2 0x6D 0x00 0x73 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU@0 0x63 0x00 0x68 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\* Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@0 0x7E 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@1 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@2 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@3 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@4 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@5 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@6 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@7 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@8 0x7E 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@9 0x60 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@10 0x5C 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@11 0xA4 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@12 0x86 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@13 0x6C 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@14 0x78 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@15 0xBA 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@16 0x92 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@17 0x6C 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@18 0xC2 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@19 0x92 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpeg Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpeg@0 0x92 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpeg@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@0 0x14 0x00 0x1F 0x50 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@MRUListEx 0x0E 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@1 0x14 0x00 0x1F 0x50 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@2 0x66 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@3 0x9C 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@4 0x8A 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@5 0x9C 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@6 0x7E 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@7 0x7A 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@8 0x26 0x01 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@9 0x6C 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@10 0x78 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@11 0xBA 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@12 0x6C 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@13 0xC2 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg@14 0x7E 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\pdf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\pdf@0 0x14 0x00 0x1F 0x50 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\pdf@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@0 0x92 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@1 0x14 0x00 0x1F 0x50 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@2 0x5A 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@3 0x68 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@4 0x50 0x00 0x31 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@5 0x66 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@6 0x56 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@7 0x72 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@8 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@9 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@10 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@11 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@12 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@13 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@14 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@15 0x76 0x00 0x36 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@16 0x7E 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@17 0x60 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@18 0x5C 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png@19 0xA4 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt@0 0x72 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt@MRUListEx 0x02 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt@1 0x78 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt@2 0x86 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/@0 0x77 0x00 0x77 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.com/@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.docx Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.docx@0 0x55 0x00 0x57 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.docx@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html@MRUListEx 0x03 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html@1 0x62 0x00 0x6F 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html@0 0x62 0x00 0x6F 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html@2 0x62 0x00 0x6F 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.html@3 0x62 0x00 0x6F 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpeg Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpeg@0 0x7A 0x00 0x61 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpeg@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@2 0x33 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@1 0x32 0x00 0x30 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@5 0x32 0x00 0x30 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@4 0x44 0x00 0x53 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@6 0x62 0x00 0x38 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@9 0x32 0x00 0x30 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@8 0x63 0x00 0x65 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@7 0x6B 0x00 0x6F 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@3 0x61 0x00 0x32 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg@0 0x66 0x00 0x65 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@MRUListEx 0x09 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@7 0x44 0x00 0x6A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@8 0x44 0x00 0x6A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@1 0x44 0x00 0x6A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@0 0x44 0x00 0x6A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@2 0x44 0x00 0x4A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@4 0x74 0x00 0x2E 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@5 0x54 0x00 0x68 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@6 0x62 0x00 0x6F 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@3 0x55 0x00 0x4E 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp3@9 0x50 0x00 0x65 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@0 0x42 0x00 0x61 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@MRUListEx 0x04 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@1 0x54 0x00 0x65 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@2 0x44 0x00 0x6A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@3 0x44 0x00 0x6A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mp4@4 0x44 0x00 0x6A 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.pdf@0 0x62 0x00 0x69 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@MRUListEx 0x02 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@4 0x38 0x00 0x39 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@0 0x38 0x00 0x39 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@5 0x38 0x00 0x39 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@6 0x38 0x00 0x39 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@3 0x38 0x00 0x39 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@7 0x54 0x00 0x61 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@8 0x61 0x00 0x73 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@9 0x73 0x00 0x61 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@1 0x73 0x00 0x61 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.png@2 0x61 0x00 0x73 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@0 0x74 0x00 0x68 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@MRUListEx 0x04 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@2 0x61 0x00 0x73 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@1 0x61 0x00 0x66 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@3 0x61 0x00 0x73 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt@4 0x61 0x00 0x61 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@MRUListEx 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery@0 0x67 0x00 0x6C 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count 121 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{553891B7-A0D5-4526-BE18-D3CE461D6310}\iexplore@Count 121 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016103120161107 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016103120161107@CachePrefix :2016103120161107: Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016103120161107@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016103120161107 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016103120161107@CacheOptions 11 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016103120161107@CacheRepair 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016103120161107@CacheLimit 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016110720161114 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016110720161114@CachePrefix :2016110720161114: Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016110720161114@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016110720161114 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016110720161114@CacheOptions 11 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016110720161114@CacheRepair 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016110720161114@CacheLimit 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016111420161121 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016111420161121@CachePrefix :2016111420161121: Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016111420161121@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016111420161121 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016111420161121@CacheOptions 11 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016111420161121@CacheRepair 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016111420161121@CacheLimit 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112320161124 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112320161124@CachePrefix :2016112320161124: Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112320161124@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016112320161124 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112320161124@CacheOptions 11 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112320161124@CacheRepair 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112320161124@CacheLimit 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112420161125 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112420161125@CachePrefix :2016112420161125: Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112420161125@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016112420161125 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112420161125@CacheOptions 11 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112420161125@CacheRepair 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112420161125@CacheLimit 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112520161126 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112520161126@CachePrefix :2016112520161126: Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112520161126@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016112520161126 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112520161126@CacheOptions 11 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112520161126@CacheRepair 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016112520161126@CacheLimit 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\PushNotifications@MobileBroadbandLastResetDate 0xDE 0x56 0xC6 0x8C ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting@LastRateLimitedDumpGenerationTime 0xBA 0x50 0x89 0x98 ... Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\Users\Admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_ac79cde699cab7f9871964b2474ef2466f61a629_d3ffa160_142706c1 Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@LastReflectionAttemptResult 0 ---- EOF - GMER 2.2 ----