Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus w/ google redirect and missing desktop icons


  • Please log in to reply
40 replies to this topic

#1 mjdennis

mjdennis

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 09 July 2011 - 10:13 AM

I hope someone can be of help.
I've been hit by a virus with symptoms that include:
-- missing desktop icons
-- missing start menu items
-- clicking on search results in google redirects to STOPzilla and other junk websites
-- IE and Media Player appeared to start spontaneously

I've tried running MBAM against it, but even though it had successful quarantine of 2 registry data items and 4 infected files, the symptoms are back. It also took 10 hours so is a bit... clumsy.

I'm running a 3GHz Pentium 4 with Microsoft Windows XP Home Edition up to SP3; we have 5 users; some use Firefox and some use IE.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:25 PM

Posted 09 July 2011 - 12:01 PM

Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 July 2011 - 06:58 AM

Interim Answer:
=============
Summary: Ran all, results below, except GMER; it had run for several hours when I went to bed. When I came back this morning, computer was locked up. I see no way to recover last nights results so will start over and report GMER in a separate post.
Also, MBAM seems to have a problem; on start-up (even before current troubleshooting, it starts with an error "[OpenEvent]Failed to perform desired action. Error Code:2"
=============
Attempted to run unhide.exe, in safe mode, on administrator account, with .exe on another desktop. After 30 minutes, ssumed (incorrectly!) it was hung up and used ^C + restart. Switched to normal mode, my account 'M', halted McAfee real-time protection and ran from my desktop; ran around 45 minutes. Checked my account; still had same missing items on Start menu (my folders were there, but empty; All-User folders and program items did not appear to be there at all). Checked most-damaged 'W'-account, no desktop items had returned, some Start items had returned but only 1/2 of recently-used, and only top-level items -- same as my account.
=============
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

McAfee SecurityCenter
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Java™ SE Runtime Environment 6 Update 1
Java™ SE Development Kit 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.3.1.4
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



=============
MiniToolBox by Farbar
Ran by Mike (administrator) on 09-07-2011 at 20:22:37
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration Host Name . . . . . . . . . . . . : D6MHPX61 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : NoEthernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller Physical Address. . . . . . . . . : 00-11-11-D0-FB-49 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.102 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 156.154.119.11 156.154.129.11 NetBIOS over Tcpip. . . . . . . . : Disabled Lease Obtained. . . . . . . . . . : Saturday, July 09, 2011 7:48:31 PM Lease Expires . . . . . . . . . . : Sunday, July 10, 2011 7:48:31 PMServer: dnsapp1.ultradns.net
Address: 156.154.119.11

Name: google.com
Addresses: 74.125.115.99, 74.125.115.147, 74.125.115.104, 74.125.115.103
74.125.115.106, 74.125.115.105

Pinging google.com [74.125.115.99] with 32 bytes of data:Reply from 74.125.115.99: bytes=32 time=23ms TTL=53Reply from 74.125.115.99: bytes=32 time=20ms TTL=53Ping statistics for 74.125.115.99: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 20ms, Maximum = 23ms, Average = 21msServer: dnsapp1.ultradns.net
Address: 156.154.119.11

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:Reply from 98.137.149.56: bytes=32 time=81ms TTL=53Reply from 98.137.149.56: bytes=32 time=80ms TTL=53Ping statistics for 98.137.149.56: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 80ms, Maximum = 81ms, Average = 80msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 d0 fb 49 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/09/2011 06:10:12 PM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (McSvHost.exe!ld!)

Error: (07/09/2011 06:09:39 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (07/09/2011 11:51:03 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (07/09/2011 07:50:34 PM) (Source: DCOM) (User: Susan)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (07/09/2011 07:48:43 PM) (Source: 0) (User: )
Description:

Error: (07/09/2011 07:48:43 PM) (Source: 0) (User: )
Description:

Error: (07/09/2011 07:48:43 PM) (Source: 0) (User: )
Description:

Error: (07/09/2011 07:48:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon

Error: (07/09/2011 07:48:41 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (07/09/2011 07:48:41 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (07/09/2011 07:03:37 PM) (Source: DCOM) (User: Mike)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (07/09/2011 07:01:24 PM) (Source: 0) (User: )
Description:

Error: (07/09/2011 07:01:24 PM) (Source: 0) (User: )
Description:


Microsoft Office Sessions:
=========================
Error: (07/09/2011 06:10:12 PM) (Source: Application Error)(User: )
Description: McSvHost.exe0.0.0.0unknown0.0.0.000000000

Error: (07/09/2011 06:09:39 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (07/09/2011 11:51:03 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2011 11:51:03 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 23%
Total physical RAM: 2046.09 MB
Available physical RAM: 1574.42 MB
Total Pagefile: 3936.96 MB
Available Pagefile: 3458.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.34 MB

======================= Partitions: =======================================

2 Drive c: () (Fixed) (Total:145.41 GB) (Free:8.2 GB) NTFS

================= Users: ==================================================

User accounts for \\D6MHPX61

-------------------------------------------------------------------------------
Administrator BF2142 Eric
Guest HelpAssistant Michelle
Mike SUPPORT_388945a0 Susan
The command completed successfully.

================= End of Users ============================================




=============
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7057

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2011 8:58:08 PM
mbam-log-2011-07-09 (20-58-08).txt

Scan type: Quick scan
Objects scanned: 280973
Time elapsed: 28 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



=============
Restarted per instructions, despite lack of malicious items





=============
GMER QUICKSCAN LOG, since full scan failed:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-10 07:56:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST316002 rev.8.12
Running: rvr0gfxh.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\uxlyapob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E03210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E03224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E03250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E031FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E031D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E031E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E0323A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E0327C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E03266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:128] 8A3DE0B3
Thread System [4:136] 8A3DE923
Thread System [4:140] 8A3DF7FB

---- EOF - GMER 1.0.15 ----

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:25 PM

Posted 10 July 2011 - 10:35 AM

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 July 2011 - 01:54 PM

HCan you get by without the rest of the GMER run? the FILES portion is too long for a post to this forum...

=====
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-10 13:59:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST316002 rev.8.12
Running: rvr0gfxh.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\uxlyapob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E03210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E03224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E03250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E031FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E031D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E031E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E0323A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E0327C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E03266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP B9E03280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B9E031D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B9E031EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP B9E0326A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP B9E0323E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP B9E03214 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP B9E03228 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP B9E03254 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP B9E03200 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text KDCOM.DLL!KdSendPacket BA5A8345 6 Bytes [FA, 8D, 46, 01, 25, FF]
.text KDCOM.DLL!KdSendPacket BA5A834D 5 Bytes [80, 79, 07, 48, 0D]
.text KDCOM.DLL!KdSendPacket BA5A8353 29 Bytes [FF, FF, FF, 40, 0F, B6, F0, ...]
.text KDCOM.DLL!KdSendPacket BA5A8371 28 Bytes [FF, FF, FF, 42, 0F, B6, FA, ...]
.text KDCOM.DLL!KdD0Transition + 8 BA5A838E 17 Bytes [08, 03, 55, F8, 03, D8, 81, ...]
.text KDCOM.DLL!KdD0Transition + 1A BA5A83A0 42 Bytes [FF, FF, FF, 43, 0F, B6, C3, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 25 BA5A83CB 6 Bytes [00, C9, C2, 08, 00, 55] {ADD CL, CL; RET 0x8; PUSH EBP}
.text KDCOM.DLL!KdDebuggerInitialize0 + 2C BA5A83D2 23 Bytes [EC, 83, C8, FF, 83, 7D, 08, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 44 BA5A83EA 162 Bytes [42, 5E, F6, C1, 01, 74, 0A, ...]
.text KDCOM.DLL!KdRestore + 2D BA5A848D 1 Byte [43]
.text KDCOM.DLL!KdRestore + 2D BA5A848D 77 Bytes [43, 08, 89, 45, FC, 8B, 55, ...]
.text KDCOM.DLL!KdRestore + 7C BA5A84DC 25 Bytes [C9, C2, 08, 00, 55, 8B, EC, ...]
.text KDCOM.DLL!KdRestore + 97 BA5A84F7 21 Bytes [89, 06, 89, 46, 08, 89, 46, ...]
.text KDCOM.DLL!KdRestore + AD BA5A850D 241 Bytes CALL BA5A846D \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 2 BA5A8F4E 205 Bytes [F0, 8D, 45, FC, 50, 53, 56, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + D0 BA5A901C 2 Bytes [75, 0E] {JNZ 0x10}
PAGEKD KDCOM.DLL!KdReceivePacket + D3 BA5A901F 1 Byte [C0]
PAGEKD KDCOM.DLL!KdReceivePacket + D3 BA5A901F 103 Bytes [C0, 02, 83, C2, 02, 84, DB, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 13B BA5A9087 131 Bytes [7D, 0C, B8, 4D, 5A, 00, 00, ...]
PAGEKD ...
PAGEKD KDCOM.DLL!KdSendPacket + 6F BA5A9221 181 Bytes [83, C4, 18, 33, C0, 85, FF, ...]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xBA45B760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB861DF80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E7000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E6000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DA000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 067A2D20 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 067A2C00 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00E068C7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 067A2EC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 067A2FC0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00E06AD2
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00E068C7
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1696] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00E06AD2
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1816] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1816] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2788] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0079000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2788] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0076000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2788] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0075000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0077000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2788] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0078000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3420] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1068EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3420] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1068ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3420] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3420] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSendPacket] [BA5A8631] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD0Transition] [BA5A85DF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD3Transition] [BA5A85E9] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdReceivePacket] [BA5A860D] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize0] [BA5A85F3] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSave] [BA5A8625] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize1] [BA5A85FF] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdRestore] [BA5A8619] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [BA5A8619] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] 736F746E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] 6C6E726B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] 6578652E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] 00000000
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] 2E6C6168

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1528] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\system32\mfevtps.exe[1896] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[1896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A0739D20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:128] 8A3DE0B3
Thread System [4:136] 8A3DE923
Thread System [4:140] 8A3DF7FB

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ Internet Explorer User Accelerators
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicy ProcessGroupPolicyForActivities
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 960
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ 802.3 Group Policy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DisplayName @dot3gpclnt.dll,-100
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@ProcessGroupPolicyEx ProcessLANPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@GenerateGroupPolicy GenerateLANPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@DllName dot3gpclnt.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ Internet Explorer Machine Accelerators
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DisplayName @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@DllName C:\WINDOWS\system32\iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicy ProcessGroupPolicyForActivities
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@ProcessGroupPolicyEx ProcessGroupPolicyForActivitiesEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DllName C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logon SABWINLOLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Logoff SABWINLOLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Startup SABWINLOStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Shutdown SABWINLOShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc@Startup StartAuthClient
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc@DllName C:\WINDOWS\system32\ackpbsc.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@DllName C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@Lock LockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@Unlock UnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@Logon LogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@Logoff LogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock@Shutdown ShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@DllName crypt32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain@Logoff ChainWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@DllName cryptnet.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet@Logoff CryptnetWlxLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@DLLName cscdll.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logon WinlogonLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Logoff WinlogonLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@ScreenSaver WinlogonScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Startup WinlogonStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Shutdown WinlogonShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@StartShell WinlogonStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@DllName %SystemRoot%\System32\dimsntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Startup WlDimsStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Shutdown WlDimsShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logon WlDimsLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Logoff WlDimsLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@StartShell WlDimsStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Lock WlDimsLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy@Unlock WlDimsUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logon SCardStartCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Logoff SCardStopCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Lock SCardSuspendCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Unlock SCardResumeCertProp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Enabled 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@StartShell SchedStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule@Logoff SchedEventLogOff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy@DllName sclgntfy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@DLLName WlNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Lock SensLockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logon SensLogonEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Logoff SensLogoffEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Safe 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartScreenSaver SensStartScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StopScreenSaver SensStopScreenSaverEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Startup SensStartupEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Shutdown SensShutdownEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@StartShell SensStartShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@PostShell SensPostShellEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Disconnect SensDisconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Reconnect SensReconnectEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Unlock SensUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@DllName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logoff TSEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Logon TSEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@PostShell TSEventPostShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Shutdown TSEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@StartShell TSEventStartShell
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Startup TSEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@MaxWait 600
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Reconnect TSEventReconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv@Disconnect TSEventDisconnect
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@DLLName wlnotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logon RegisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Logoff UnregisterTicketExpiredNotificationEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify_Disabled\ddcDvssS
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer@ ole2disp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ oleaut32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@InprocServer32 nnPl(}XP9?_,O3?,aFS^>M5KDYSUnf(HA*L[xeX)y?9~EowM9KA?EODmlI}'28Windows_And_System_Files>M5KDYSUnf(HA*L[xeX)y?vvX?a%rz!?r*=kBn{tD?AllApps>M5KDYSUnf(HA*L[xeX)y?

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

#6 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 July 2011 - 01:59 PM

For TDSSKiller.exe ...
Internet connected, disconnected, or doesn't matter?
McAfee Real Time Scanning on, off, or doesn't matter?
Thanks!

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:25 PM

Posted 10 July 2011 - 02:01 PM

It doesn't matter.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 July 2011 - 02:31 PM

TDSSKiller.exe does nothing when started.

Sorry, I do get a window that says:
============================================
<WindowTitle> Open File - Security Warning
Do you want to run this file?
Name: tdsskiller.exe
Publisher: Kaspersky Lab
Type: Application
From: C:\Documents and settings\Mike\Desktop
[Run] [Cancel]
(some more expected stuff...)
============================================

Hitting run produces no results.
Trying to run tdsskiller from a command window does nothing...
In a holding pattern for now!

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:25 PM

Posted 10 July 2011 - 02:33 PM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 July 2011 - 03:31 PM

Attempting it now...
Just in case, is there a FixFixTDSS?

#11 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 July 2011 - 03:44 PM

***Infected MBR detected Repair
Close

(I presume close is correct, but should I reenable System Restore first, or after? And by the way, turning off System Restore claimed it was going to remove all my previous Restore Points, so I'm not quite sure if we will gain any ground turning it back on right away...

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:25 PM

Posted 10 July 2011 - 03:49 PM

Re-run the Tool one more time and this time click on "Repair".

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 July 2011 - 05:40 PM

This time, TDSS went through a major search.
It ended while I was outside, but I had a message that said that:

Backdoor.Tidserv has not been found on your computer.

But when I hit "OK", both windows disappeared, so I don't know if there was anything else.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:25 PM

Posted 10 July 2011 - 05:50 PM

See, if TDSSKiller will run now.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 mjdennis

mjdennis
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 July 2011 - 06:30 PM

No infection found. Report:

2011/07/10 19:28:03.0937 3648 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/10 19:28:04.0687 3648 ================================================================================
2011/07/10 19:28:04.0687 3648 SystemInfo:
2011/07/10 19:28:04.0687 3648
2011/07/10 19:28:04.0687 3648 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/10 19:28:04.0687 3648 Product type: Workstation
2011/07/10 19:28:04.0687 3648 ComputerName: D6MHPX61
2011/07/10 19:28:04.0687 3648 UserName: Mike
2011/07/10 19:28:04.0687 3648 Windows directory: C:\WINDOWS
2011/07/10 19:28:04.0687 3648 System windows directory: C:\WINDOWS
2011/07/10 19:28:04.0687 3648 Processor architecture: Intel x86
2011/07/10 19:28:04.0687 3648 Number of processors: 2
2011/07/10 19:28:04.0687 3648 Page size: 0x1000
2011/07/10 19:28:04.0687 3648 Boot type: Normal boot
2011/07/10 19:28:04.0687 3648 ================================================================================
2011/07/10 19:28:04.0953 3648 Initialize success
2011/07/10 19:28:30.0609 0248 ================================================================================
2011/07/10 19:28:30.0609 0248 Scan started
2011/07/10 19:28:30.0609 0248 Mode: Manual;
2011/07/10 19:28:30.0609 0248 ================================================================================
2011/07/10 19:28:30.0906 0248 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/07/10 19:28:30.0968 0248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/10 19:28:31.0015 0248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/10 19:28:31.0078 0248 actccid (f5701aefb1132579054578ac38181b94) C:\WINDOWS\system32\DRIVERS\actccid.sys
2011/07/10 19:28:31.0109 0248 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/07/10 19:28:31.0156 0248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/10 19:28:31.0187 0248 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/10 19:28:31.0234 0248 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/07/10 19:28:31.0281 0248 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/10 19:28:31.0296 0248 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/07/10 19:28:31.0312 0248 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/07/10 19:28:31.0328 0248 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/07/10 19:28:31.0343 0248 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/07/10 19:28:31.0375 0248 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/07/10 19:28:31.0390 0248 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/07/10 19:28:31.0406 0248 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/07/10 19:28:31.0437 0248 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/07/10 19:28:31.0453 0248 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/07/10 19:28:31.0484 0248 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/07/10 19:28:31.0500 0248 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/07/10 19:28:31.0562 0248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/10 19:28:31.0578 0248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/10 19:28:31.0687 0248 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/10 19:28:31.0734 0248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/10 19:28:31.0765 0248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/10 19:28:31.0796 0248 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/07/10 19:28:31.0828 0248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/10 19:28:31.0890 0248 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/07/10 19:28:31.0906 0248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/10 19:28:31.0937 0248 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/10 19:28:31.0968 0248 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/07/10 19:28:31.0984 0248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/10 19:28:32.0000 0248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/10 19:28:32.0046 0248 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/10 19:28:32.0093 0248 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/07/10 19:28:32.0140 0248 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/07/10 19:28:32.0156 0248 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/07/10 19:28:32.0187 0248 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/07/10 19:28:32.0203 0248 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/07/10 19:28:32.0250 0248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/10 19:28:32.0312 0248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/10 19:28:32.0375 0248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/10 19:28:32.0406 0248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/10 19:28:32.0437 0248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/10 19:28:32.0484 0248 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/07/10 19:28:32.0500 0248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/10 19:28:32.0531 0248 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/07/10 19:28:32.0546 0248 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/07/10 19:28:32.0687 0248 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/07/10 19:28:32.0718 0248 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/07/10 19:28:32.0765 0248 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/10 19:28:32.0843 0248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/10 19:28:32.0890 0248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/10 19:28:32.0937 0248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/10 19:28:32.0953 0248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/10 19:28:33.0000 0248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/10 19:28:33.0031 0248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/10 19:28:33.0046 0248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/10 19:28:33.0078 0248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/10 19:28:33.0109 0248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/10 19:28:33.0156 0248 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/10 19:28:33.0171 0248 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/07/10 19:28:33.0234 0248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/10 19:28:33.0265 0248 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/07/10 19:28:33.0296 0248 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/07/10 19:28:33.0312 0248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/10 19:28:33.0343 0248 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\drivers\iaStor.sys
2011/07/10 19:28:33.0375 0248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/10 19:28:33.0406 0248 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/07/10 19:28:33.0468 0248 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/07/10 19:28:33.0515 0248 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/07/10 19:28:33.0531 0248 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/07/10 19:28:33.0578 0248 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/10 19:28:33.0625 0248 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/10 19:28:33.0656 0248 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/10 19:28:33.0671 0248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/10 19:28:33.0718 0248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/10 19:28:33.0750 0248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/10 19:28:33.0796 0248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/10 19:28:33.0828 0248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/10 19:28:33.0875 0248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/10 19:28:33.0937 0248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/10 19:28:33.0953 0248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/10 19:28:34.0000 0248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/10 19:28:34.0046 0248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/10 19:28:34.0171 0248 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/07/10 19:28:34.0218 0248 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/07/10 19:28:34.0265 0248 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/07/10 19:28:34.0312 0248 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/07/10 19:28:34.0343 0248 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/07/10 19:28:34.0375 0248 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/07/10 19:28:34.0390 0248 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/07/10 19:28:34.0437 0248 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/07/10 19:28:34.0484 0248 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/07/10 19:28:34.0531 0248 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/07/10 19:28:34.0562 0248 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/07/10 19:28:34.0593 0248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/10 19:28:34.0625 0248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/10 19:28:34.0656 0248 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/07/10 19:28:34.0671 0248 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/07/10 19:28:34.0687 0248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/10 19:28:34.0734 0248 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/10 19:28:34.0765 0248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/10 19:28:34.0781 0248 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/07/10 19:28:34.0796 0248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/10 19:28:34.0859 0248 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/10 19:28:34.0890 0248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/10 19:28:34.0937 0248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/10 19:28:34.0953 0248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/10 19:28:34.0968 0248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/10 19:28:35.0015 0248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/10 19:28:35.0046 0248 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/10 19:28:35.0062 0248 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/10 19:28:35.0109 0248 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/10 19:28:35.0156 0248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/10 19:28:35.0187 0248 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/10 19:28:35.0234 0248 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/10 19:28:35.0250 0248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/10 19:28:35.0265 0248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/10 19:28:35.0296 0248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/10 19:28:35.0328 0248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/10 19:28:35.0359 0248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/10 19:28:35.0390 0248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/10 19:28:35.0437 0248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/10 19:28:35.0515 0248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/10 19:28:35.0609 0248 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/10 19:28:35.0687 0248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/10 19:28:35.0703 0248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/10 19:28:35.0750 0248 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/07/10 19:28:35.0796 0248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/10 19:28:35.0828 0248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/10 19:28:35.0859 0248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/10 19:28:35.0906 0248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/10 19:28:35.0937 0248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/10 19:28:35.0968 0248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/10 19:28:36.0046 0248 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/07/10 19:28:36.0062 0248 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/07/10 19:28:36.0125 0248 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys
2011/07/10 19:28:36.0187 0248 PnkBstrK (a32ef1b47f239fc91dbf5c02feaf573d) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2011/07/10 19:28:36.0218 0248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/10 19:28:36.0250 0248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/10 19:28:36.0265 0248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/10 19:28:36.0312 0248 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/10 19:28:36.0328 0248 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/07/10 19:28:36.0343 0248 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/07/10 19:28:36.0375 0248 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/07/10 19:28:36.0390 0248 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/07/10 19:28:36.0406 0248 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/07/10 19:28:36.0437 0248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/10 19:28:36.0453 0248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/10 19:28:36.0484 0248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/10 19:28:36.0500 0248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/10 19:28:36.0531 0248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/10 19:28:36.0546 0248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/10 19:28:36.0593 0248 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/10 19:28:36.0640 0248 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/10 19:28:36.0671 0248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/10 19:28:36.0734 0248 RT25USBAP (9c377dbf9d2d19098db935dc1e8361a3) C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
2011/07/10 19:28:36.0796 0248 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/10 19:28:36.0812 0248 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/10 19:28:36.0859 0248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/10 19:28:36.0921 0248 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/07/10 19:28:36.0953 0248 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/10 19:28:36.0984 0248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/10 19:28:37.0015 0248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/10 19:28:37.0078 0248 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/10 19:28:37.0109 0248 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/10 19:28:37.0171 0248 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/07/10 19:28:37.0187 0248 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/07/10 19:28:37.0203 0248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/10 19:28:37.0265 0248 SQTECH905C (6f01f5446575bfcaec1ab1e58120e4ce) C:\WINDOWS\system32\Drivers\Capt905c.sys
2011/07/10 19:28:37.0281 0248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/10 19:28:37.0328 0248 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/10 19:28:37.0359 0248 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/07/10 19:28:37.0375 0248 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/07/10 19:28:37.0421 0248 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/10 19:28:37.0453 0248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/10 19:28:37.0484 0248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/10 19:28:37.0515 0248 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/07/10 19:28:37.0531 0248 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/07/10 19:28:37.0546 0248 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/07/10 19:28:37.0578 0248 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/07/10 19:28:37.0609 0248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/10 19:28:37.0656 0248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/10 19:28:37.0703 0248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/10 19:28:37.0734 0248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/10 19:28:37.0765 0248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/10 19:28:37.0843 0248 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/07/10 19:28:37.0859 0248 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/07/10 19:28:37.0875 0248 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/07/10 19:28:37.0906 0248 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/07/10 19:28:37.0921 0248 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/07/10 19:28:37.0937 0248 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/07/10 19:28:37.0968 0248 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/07/10 19:28:37.0984 0248 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/07/10 19:28:38.0000 0248 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/07/10 19:28:38.0078 0248 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/07/10 19:28:38.0109 0248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/10 19:28:38.0125 0248 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/07/10 19:28:38.0171 0248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/10 19:28:38.0234 0248 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/10 19:28:38.0265 0248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/10 19:28:38.0296 0248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/10 19:28:38.0328 0248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/10 19:28:38.0343 0248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/10 19:28:38.0359 0248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/10 19:28:38.0390 0248 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/10 19:28:38.0421 0248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/10 19:28:38.0468 0248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/10 19:28:38.0484 0248 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/07/10 19:28:38.0515 0248 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/10 19:28:38.0546 0248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/10 19:28:38.0593 0248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/10 19:28:38.0625 0248 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/07/10 19:28:38.0687 0248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/10 19:28:38.0781 0248 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/10 19:28:38.0812 0248 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/10 19:28:38.0843 0248 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/10 19:28:38.0890 0248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/10 19:28:38.0937 0248 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/10 19:28:38.0968 0248 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
2011/07/10 19:28:38.0984 0248 Boot (0x1200) (5db8ee8216ed8b8f31aaef299349ab1b) \Device\Harddisk0\DR0\Partition0
2011/07/10 19:28:39.0000 0248 ================================================================================
2011/07/10 19:28:39.0000 0248 Scan finished
2011/07/10 19:28:39.0000 0248 ================================================================================
2011/07/10 19:28:39.0000 2188 Detected object count: 0
2011/07/10 19:28:39.0000 2188 Actual detected object count: 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users