
IP Address blacklisted.. emails sent outgoing all bounced



#1 sianzguy

Posted 02 November 2012 - 06:35 PM

Hi there, the admin here..

I am seeking help here to finally see what has gone wrong with the computer system. I have been cleaning for about a month but to no avail. Each time after cleaning the com, when I start to send emails to my clients, shortly later I will be listed again in the RBL black list and will have to start searching for a new job again. Below is the log that I took for you to investigate what is wrong with my com which I couldn't



IP Address 182.55.133.41 is listed in the CBL. It appears to be infected with a spam sending trojan or proxy.

It was last detected at 2012-11-02 14:00 GMT (+/- 30 minutes), approximately 6 hours ago.

It has been relisted following a previous removal at 2012-11-02 02:09 GMT (18 hours, 21 minutes ago)

The listing of this IP is because it HELOs as 192.168.0.17. Not only is this a violation of RFC2821/5321 section 4.1.1.1, it's even more frequently a sign of infection.

In all probability this IP address is a NAT gateway, and the machine at 192.168.0.17 in your local LAN is either infected, or if it's a server, badly misconfigured.

If it's a mail server, see naming problems for details on how to diagnose and fix the problem.

If IP address 192.168.0.17 is or is NATing for a Symantec Protection Center instance, this appears to be a known issue. See this Knowledge Base item. We are attempting to work through this issue with them. Their KB item was updated October 18, 2010 to indicate that they now understand the issue. The KB item indicates that the problem will be resolved in a "future build", but no ETA is provided. If you have SPC's email notification feature turned on, we recommend turning it off before delisting your IP address as a temporary workaround.

This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.


The log below was run with DDS.exe for your investigation, and I hope that I can clear whatever viruses are still in the system.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by Terence Tham at 7:04:51 on 2012-11-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.65.1033.18.3062.707 [GMT 8:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Privatefirewall *Enabled* {F9380B5D-D31C-8B74-72FB-D86DF39490C2}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2013\avgfws.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Terence Tham\Desktop\3y4eezsc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.avg.com/
mStart Page = about:blank
uProxyServer = 182.55.237.252:8080
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: DisableThumbnailsOnNetworkFolders = dword:1
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableStartupSound = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7D574C80-C42D-4814-949E-6737E8CA738B} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{FF4263DD-012E-46C8-9FC7-4BCCC3CF4C87} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{FF4263DD-012E-46C8-9FC7-4BCCC3CF4C87}\C445138396 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{FF4263DD-012E-46C8-9FC7-4BCCC3CF4C87}\C696E6B6379737 : DHCPNameServer = 218.186.2.16 218.186.1.58 218.186.2.6
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 50296]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-6 26984]
R1 MpKslf71aecd7;MpKslf71aecd7;c:\programdata\microsoft\microsoft antimalware\definition updates\{5f299682-0d50-4258-8325-a3be9c830119}\MpKslf71aecd7.sys [2012-11-3 29904]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2012-5-10 127568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-10-2 1314720]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R2 PFNet;Privacyware network service;c:\program files\privacyware\privatefirewall 7.0\pfsvc.exe [2012-5-31 374160]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-22 1153368]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-10-11 711112]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-10-31 245760]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2012-3-25 6639616]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-29 136176]
S2 WebOptimizer;WebOptimizer; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-3-1 227896]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-26 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-29 136176]
S3 MDaemon;MDaemon; [x]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-11 657408]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-29 14848]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-7-27 155320]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard; [x]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-29 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-10-29 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-29 1343400]
S3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
.
=============== Created Last 30 ================
.
2012-11-02 23:00:44 29904 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5f299682-0d50-4258-8325-a3be9c830119}\MpKslf71aecd7.sys
2012-11-02 07:13:08 -------- dc----w- c:\program files\MSECache
2012-11-02 06:35:44 56200 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5f299682-0d50-4258-8325-a3be9c830119}\offreg.dll
2012-11-02 05:47:37 -------- dc----w- C:\Symbols
2012-11-02 05:16:38 740784 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d29e7bc8-7a8c-4cfc-959b-d5b04e648d39}\gapaengine.dll
2012-11-02 05:16:29 6918632 -c--a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5f299682-0d50-4258-8325-a3be9c830119}\mpengine.dll
2012-11-01 23:38:06 -------- dc----w- c:\users\terence tham\appdata\local\Privatefirewall
2012-11-01 18:21:50 -------- dc----w- c:\programdata\Sophos
2012-11-01 18:21:22 73728 -c--a-r- c:\users\terence tham\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-01 18:21:22 73728 -c--a-r- c:\users\terence tham\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-11-01 18:21:22 73728 -c--a-r- c:\users\terence tham\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-11-01 18:21:14 -------- dc----w- c:\program files\Sophos
2012-11-01 17:05:11 -------- dcsh--w- C:\$RECYCLE.BIN
2012-11-01 17:02:22 -------- dc----w- c:\users\terence tham\appdata\local\temp
2012-11-01 16:30:15 -------- dc----w- c:\program files\NirSoft
2012-11-01 14:05:16 -------- dc----w- c:\users\terence tham\appdata\roaming\Firetrust
2012-11-01 14:04:06 -------- dc----w- c:\users\terence tham\appdata\local\Adobe
2012-11-01 14:03:49 -------- dc----w- c:\program files\Firetrust
2012-11-01 14:03:19 -------- dc----w- c:\programdata\Firetrust
2012-11-01 06:33:47 -------- dc----w- c:\program files\MustBeRandomlyNamed
2012-11-01 06:16:44 -------- dc----w- c:\programdata\Kaspersky Lab
2012-10-31 10:00:25 -------- dc----w- c:\program files\Browny02
2012-10-31 10:00:15 126976 ------w- c:\windows\system32\BrfxD05b.dll
2012-10-31 10:00:14 74752 ----a-w- c:\windows\system32\BrNetSti.dll
2012-10-31 10:00:14 180224 ----a-w- c:\windows\system32\BrMuSNMP.dll
2012-10-31 10:00:02 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-10-31 10:00:02 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-10-31 10:00:02 3072 ------w- c:\windows\system32\BrDctF2S.dll
2012-10-31 09:59:55 180224 ------w- c:\windows\system32\BroSNMP.dll
2012-10-30 04:10:24 -------- dc----w- c:\users\terence tham\appdata\roaming\Wireshark
2012-10-29 23:10:01 -------- dc----w- c:\program files\WinPcap
2012-10-29 20:00:18 -------- d-----w- c:\windows\system32\catroot2
2012-10-29 18:35:18 -------- dc----w- c:\program files\Wireshark
2012-10-29 17:58:02 -------- dc----w- C:\RegBackup
2012-10-29 17:25:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-29 12:30:46 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-10-29 12:28:06 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-29 12:28:06 247808 ----a-w- c:\windows\system32\schannel.dll
2012-10-29 12:28:06 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-29 12:28:05 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-29 12:28:04 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-29 11:04:07 -------- d-----w- c:\windows\CheckSur
2012-10-25 06:18:52 -------- dc----w- c:\users\terence tham\Doctor Web
2012-10-24 02:15:23 -------- dc----w- c:\users\terence tham\appdata\roaming\ParetoLogic
2012-10-24 02:14:16 -------- dc----w- c:\program files\ParetoLogic
2012-10-24 00:20:35 -------- dc----w- c:\users\terence tham\appdata\roaming\SUPERAntiSpyware.com
2012-10-24 00:20:14 -------- dc----w- c:\programdata\SUPERAntiSpyware.com
2012-10-22 18:17:12 -------- dc----w- c:\program files\stinger
2012-10-22 11:18:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-21 00:44:04 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
2012-10-21 00:38:51 -------- dc----w- c:\users\terence tham\appdata\local\MFAData
2012-10-20 14:25:32 -------- dc----w- c:\program files\Bulk Mailer
2012-10-20 11:06:29 6734704 -c--a-w- c:\programdata\microsoft\windows defender\definition updates\{7c1369ea-32a4-4bc3-b522-45f4dfbdd7a5}\mpengine.dll
2012-10-19 15:53:13 -------- dc----w- c:\programdata\Kaspersky Lab Setup Files
2012-10-17 13:43:13 -------- dc----w- c:\program files\Microsoft Security Client
2012-10-16 10:06:55 1703936 -c--a-w- c:\programdata\microsoft\windows\start menu\programs\live bulk mailer\Bulk Mailer.exe
2012-10-16 05:56:04 -------- dc----w- c:\program files\SUPERAntiSpyware
2012-10-16 02:58:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-15 16:18:00 -------- dc----w- c:\program files\Registry Easy
2012-10-15 14:16:15 -------- dc----w- c:\program files\Live Bulk Mailer
2012-10-11 14:00:35 -------- dc----w- c:\users\terence tham\appdata\roaming\AVG2013
2012-10-11 13:42:54 -------- dc----w- c:\users\terence tham\appdata\roaming\TuneUp Software
2012-10-11 13:34:42 -------- dc----w- c:\programdata\AVG2013
2012-10-11 13:25:21 -------- dc----w- c:\users\terence tham\appdata\local\Avg2013
2012-10-10 23:59:10 -------- dc----w- c:\programdata\{6431C944-2247-4165-8B35-66184D711374}
2012-10-10 23:32:13 -------- dc----w- c:\users\terence tham\appdata\local\ApplicationHistory
2012-10-10 23:31:57 -------- dc----w- c:\programdata\{6AB0C285-B572-43E3-B4B2-295CB019D590}
2012-10-10 23:31:56 -------- dc----w- c:\users\terence tham\appdata\local\Seven Zip
2012-10-10 22:08:42 -------- dc----w- c:\programdata\{51D9AE39-DE5B-4A30-969F-E3E1BCD93EA4}
2012-10-10 22:01:23 -------- dc----w- c:\programdata\{36B7E4FF-9E7B-46F2-B3E9-D12C3B4B7F9B}
2012-10-10 13:26:17 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 13:26:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 17:09:48 -------- dc----w- c:\users\terence tham\appdata\roaming\GoforFiles
2012-10-09 16:18:27 -------- dc----w- c:\program files\Live Software Inc
2012-10-09 16:18:16 -------- dc----w- c:\programdata\{FCAF7277-48D7-4C29-9CF3-0080D39EF16C}
2012-10-08 22:58:58 -------- dc----w- c:\program files\ElcomSoft
2012-10-08 22:10:36 -------- dc----w- c:\program files\Nsasoft
2012-10-08 19:20:17 -------- dc----w- c:\programdata\{8A7B2B88-D05A-44E4-95DD-EFA289D31BF9}
2012-10-08 18:53:56 319227 ----a-w- c:\windows\system32\libssl32.dll
2012-10-08 18:53:56 1420110 ----a-w- c:\windows\system32\libeay32.dll
2012-10-08 18:53:56 -------- dc----w- c:\users\terence tham\appdata\roaming\GSA Email Spider
2012-10-08 18:53:55 -------- dc----w- c:\program files\GSA Email Spider
2012-10-05 12:28:32 -------- dc----w- c:\program files\TorrentHandler
.
==================== Find3M ====================
.
2012-10-29 17:25:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-29 17:25:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-10-29 17:25:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-10-29 17:25:52 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-29 17:25:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-10-16 02:55:39 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-11 13:39:48 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-09 15:20:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 15:20:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-01 19:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-20 19:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-20 19:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-20 19:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-20 19:45:52 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-13 19:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-12 19:11:20 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-09-04 02:39:32 50296 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 14:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 14:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-27 21:34:36 528 -c--a-r- c:\users\terence tham\MediaID.bin
2012-08-23 15:52:09 3072 ----a-w- c:\windows\system32\drivers\en-us\tsusbflt.sys.mui
2012-08-23 14:48:14 221184 ----a-w- c:\windows\system32\rdpudd.dll
2012-08-23 14:44:32 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-08-23 14:41:34 27136 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2012-08-23 14:40:25 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-08-23 14:10:04 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-23 13:52:25 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-08-23 13:47:20 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-08-23 13:46:20 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2012-08-23 13:32:59 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-08-23 13:18:14 37376 ----a-w- c:\windows\system32\tsgqec.dll
2012-08-23 11:40:43 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-08-23 11:32:48 317440 ----a-w- c:\windows\system32\wksprt.exe
2012-08-23 11:15:57 269312 ----a-w- c:\windows\system32\aaclient.dll
2012-08-23 11:12:17 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-08-23 10:39:24 1048064 ----a-w- c:\windows\system32\mstsc.exe
2012-08-23 10:08:49 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2012-08-23 08:19:01 4916224 ----a-w- c:\windows\system32\mstscax.dll
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ----a-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ----a-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ----a-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ----a-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-16 11:43:10 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-08-10 23:56:14 542208 ----a-w- c:\windows\system32\kerberos.dll
.
============= FINISH: 7:05:27.39 ===============

For GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-03 07:31:01
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542525K9SA00 rev.BBFOC32P
Running: 3y4eezsc.exe; Driver: C:\Users\TERENC~1\AppData\Local\Temp\kgdoakog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwAdjustPrivilegesToken [0x940103F0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwConnectPort [0x94013750]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateFile [0x940129D0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateKey [0x94010080]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreatePort [0x94013AA0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateSymbolicLinkObject [0x94012F60]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateThread [0x94013DA0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateUserProcess [0x940132E0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDebugActiveProcess [0x9400FB50]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteKey [0x94012250]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteValueKey [0x940123B0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x941F014A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x941F021A]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenFile [0x94012CD0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenKey [0x9400FE80]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x941EFD7C]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenSection [0x9400F6A0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenThread [0x940102A0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwResumeThread [0x94013230]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSecureConnectPort [0x940138F0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSetInformationFile [0x94013080]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSetValueKey [0x94012080]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x941EFF6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x941F0000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x941EFE32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x941EFECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x941F009C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E77A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB14D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82EB850C 4 Bytes [F0, 03, 01, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82EB85C8 4 Bytes [50, 37, 01, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82EB85E4 4 Bytes [D0, 29, 01, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82EB85F4 4 Bytes [80, 00, 01, 94] {ADD BYTE [EAX], 0x1; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11DB 82EB8610 4 Bytes [A0, 3A, 01, 94]
.text ...
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A1C3A000 114 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5003 A1C3A073 175 Bytes [A1, 32, C0, EB, 02, B0, 01, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A1C3A123 629 Bytes [55, C3, A1, FE, 05, 34, 55, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A1C3A399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A1C3A3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1824] kernel32.dll!CreateThread 766EDCC2 5 Bytes JMP 6A0475E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!EnableWindow 76908D02 5 Bytes JMP 6A089EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!CallNextHookEx 7690ABE1 5 Bytes JMP 6A0A7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!UnhookWindowsHookEx 7690ADF9 5 Bytes JMP 6A0CED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DefWindowProcA 7690BB1C 7 Bytes JMP 6A04980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!CreateWindowExA 7690BF40 5 Bytes JMP 6A053643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!SetWindowsHookExW 7690E30C 5 Bytes JMP 6A0825B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!CreateWindowExW 7690EC7C 5 Bytes JMP 6A0B03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DefWindowProcW 7691507D 7 Bytes JMP 6A0A8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxParamW 76923B9B 5 Bytes JMP 69FE1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxIndirectParamW 76933B7F 5 Bytes JMP 6A1D902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxParamA 7694CF42 5 Bytes JMP 6A1D8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!DialogBoxIndirectParamA 7694D274 5 Bytes JMP 6A1D9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxIndirectA 7695E869 5 Bytes JMP 6A1D8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxIndirectW 7695E963 5 Bytes JMP 6A1D8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxExA 7695E9C9 5 Bytes JMP 6A1D8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] USER32.dll!MessageBoxExW 7695E9ED 5 Bytes JMP 6A1D8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1824] ole32.dll!OleLoadFromStream 76546143 5 Bytes JMP 6A1D97FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!EnableWindow 76908D02 5 Bytes JMP 6A089EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!DialogBoxParamW 76923B9B 5 Bytes JMP 69FE1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!DialogBoxIndirectParamW 76933B7F 5 Bytes JMP 6A1D902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!DialogBoxParamA 7694CF42 5 Bytes JMP 6A1D8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!DialogBoxIndirectParamA 7694D274 5 Bytes JMP 6A1D9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!MessageBoxIndirectA 7695E869 5 Bytes JMP 6A1D8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!MessageBoxIndirectW 7695E963 5 Bytes JMP 6A1D8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!MessageBoxExA 7695E9C9 5 Bytes JMP 6A1D8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2660] USER32.dll!MessageBoxExW 7695E9ED 5 Bytes JMP 6A1D8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] kernel32.dll!CreateThread 766EDCC2 5 Bytes JMP 6A0475E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!EnableWindow 76908D02 5 Bytes JMP 6A089EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!CallNextHookEx 7690ABE1 5 Bytes JMP 6A0A7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!UnhookWindowsHookEx 7690ADF9 5 Bytes JMP 6A0CED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!DefWindowProcA 7690BB1C 7 Bytes JMP 6A04980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!CreateWindowExA 7690BF40 5 Bytes JMP 6A053643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!SetWindowsHookExW 7690E30C 5 Bytes JMP 6A0825B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!CreateWindowExW 7690EC7C 5 Bytes JMP 6A0B03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!DefWindowProcW 7691507D 7 Bytes JMP 6A0A8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!DialogBoxParamW 76923B9B 5 Bytes JMP 69FE1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!DialogBoxIndirectParamW 76933B7F 5 Bytes JMP 6A1D902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!DialogBoxParamA 7694CF42 5 Bytes JMP 6A1D8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!DialogBoxIndirectParamA 7694D274 5 Bytes JMP 6A1D9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!MessageBoxIndirectA 7695E869 5 Bytes JMP 6A1D8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!MessageBoxIndirectW 7695E963 5 Bytes JMP 6A1D8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!MessageBoxExA 7695E9C9 5 Bytes JMP 6A1D8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] USER32.dll!MessageBoxExW 7695E9ED 5 Bytes JMP 6A1D8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3300] ole32.dll!OleLoadFromStream 76546143 5 Bytes JMP 6A1D97FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] kernel32.dll!CreateThread 766EDCC2 5 Bytes JMP 6A0475E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!EnableWindow 76908D02 5 Bytes JMP 6A089EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CallNextHookEx 7690ABE1 5 Bytes JMP 6A0A7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!UnhookWindowsHookEx 7690ADF9 5 Bytes JMP 6A0CED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DefWindowProcA 7690BB1C 7 Bytes JMP 6A04980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateWindowExA 7690BF40 5 Bytes JMP 6A053643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!SetWindowsHookExW 7690E30C 5 Bytes JMP 6A0825B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!CreateWindowExW 7690EC7C 5 Bytes JMP 6A0B03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DefWindowProcW 7691507D 7 Bytes JMP 6A0A8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxParamW 76923B9B 5 Bytes JMP 69FE1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxIndirectParamW 76933B7F 5 Bytes JMP 6A1D902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxParamA 7694CF42 5 Bytes JMP 6A1D8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!DialogBoxIndirectParamA 7694D274 5 Bytes JMP 6A1D9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxIndirectA 7695E869 5 Bytes JMP 6A1D8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxIndirectW 7695E963 5 Bytes JMP 6A1D8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxExA 7695E9C9 5 Bytes JMP 6A1D8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] USER32.dll!MessageBoxExW 7695E9ED 5 Bytes JMP 6A1D8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4476] ole32.dll!OleLoadFromStream 76546143 5 Bytes JMP 6A1D97FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] kernel32.dll!SetUnhandledExceptionFilter 766EF4FB 5 Bytes JMP 5D3350B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] ole32.dll!OleLoadFromStream 76546143 3 Bytes JMP 5DDFE11A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] ole32.dll!OleLoadFromStream + 4 76546147 1 Byte [E7]
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] kernel32.dll!CreateThread 766EDCC2 5 Bytes JMP 6A0475E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!EnableWindow 76908D02 5 Bytes JMP 6A089EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!CallNextHookEx 7690ABE1 5 Bytes JMP 6A0A7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!UnhookWindowsHookEx 7690ADF9 5 Bytes JMP 6A0CED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DefWindowProcA 7690BB1C 7 Bytes JMP 6A04980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!CreateWindowExA 7690BF40 5 Bytes JMP 6A053643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!SetWindowsHookExW 7690E30C 5 Bytes JMP 6A0825B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!CreateWindowExW 7690EC7C 5 Bytes JMP 6A0B03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DefWindowProcW 7691507D 7 Bytes JMP 6A0A8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DialogBoxParamW 76923B9B 5 Bytes JMP 69FE1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DialogBoxIndirectParamW 76933B7F 5 Bytes JMP 6A1D902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DialogBoxParamA 7694CF42 5 Bytes JMP 6A1D8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!DialogBoxIndirectParamA 7694D274 5 Bytes JMP 6A1D9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!MessageBoxIndirectA 7695E869 5 Bytes JMP 6A1D8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!MessageBoxIndirectW 7695E963 5 Bytes JMP 6A1D8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!MessageBoxExA 7695E9C9 5 Bytes JMP 6A1D8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] USER32.dll!MessageBoxExW 7695E9ED 5 Bytes JMP 6A1D8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4936] ole32.dll!OleLoadFromStream 76546143 5 Bytes JMP 6A1D97FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[2752] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2752] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2752] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2752] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73AE24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73AC562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73AC56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73AE2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73AD85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73AD4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73AD5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73AD51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73AD6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73AD8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73AD8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73AD90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73ADE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3700] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73AD4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[4876] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74EFFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3313642086-4243417375-4108086617-1000@RefCount 3
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\ipMasvuxybAiz@ ZoWdsuI}jizotcJdDrz[}^Ni
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\PoNZbcodpiucf@ `LSm}NLFuX|K`?mv
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\qtuqTjuu@ SKLxsUV}v`
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\zzwaglho@ eXxqozGnPjK^giSHSg|youHTXH
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@MRUListEx 0x0A 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@8 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@11 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@5 0x14 0x00 0x1F 0x44 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@15 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@4 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@16 0x14 0x00 0x1F 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@10 0x14 0x00 0x1F 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@0 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@6 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@17 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@12 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@18 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@7 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@14 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@1 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@19 0x14 0x00 0x1F 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@13 0x14 0x00 0x1F 0x44 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@9 0x14 0x00 0x1F 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@3 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*@2 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\accdb
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\accdb@MRUListEx 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\art
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\art@MRUListEx 0xFF 0xFF 0xFF 0xFF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\bml
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\bml@0 0x14 0x00 0x1F 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\bml@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\bmp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\bmp@MRUListEx 0x0B 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\chm
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\chm@MRUListEx 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\chm@1 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\com
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\com@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\coreftp
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\coreftp@0 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\coreftp@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\css
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\css@0 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\css@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\csv
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\csv@MRUListEx 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\dat
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\dat@0 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\dat@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\dib
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\dib@MRUListEx 0xFF 0xFF 0xFF 0xFF
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\dll@0 0x14 0x00 0x1F 0x50 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\dll@MRUListEx 0x00 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\doc
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\doc@MRUListEx 0x04 0x00 0x00 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0157D.log 1048576 bytes


Those kind ones out there, please assist to see what's getting me blacklisted again and again. Thanks a lot!!


#2 Oh My!

Malware Response Instructor

Posted 04 November 2012 - 09:20 AM

Greetings sianzguy and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. We are going to jump right in by running 3 programs. Please do the following for me.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================


Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • Combofix log
  • aswMBR log
  • How is your computer running now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 07 November 2012 - 01:43 PM

Greetings sianzguy


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 10 November 2012 - 05:20 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Gary
 



