DDS (Ver_09-07-30.01) - NTFSx86
Run by a-greis at 15:13:18.72 on Wed 08/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1405 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\AOL\1205177040\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
\\mountlyell\Installers\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/ ... nel=us-smb
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000018.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000018.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HostManager] c:\program files\common files\aol\1205177040\ee\AOLSoftware.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{e2957f3d-0f9d-413f-b071-60380ce43617}\Icon6560581611.exe
LSP: c:\windows\system32\PGPlsp.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 4769280527
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: PGPmapih.dll,c:\docume~1\lcutting\locals~1\temp\3208671932mmx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli PGPpwflt
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\a-greis\applic~1\mozilla\firefox\profiles\f37r0v1p.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2008-12-10 134712]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2008-12-10 212024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2008-12-10 245816]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2008-12-10 40504]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090807.007\naveng.sys [2009-8-8 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090807.007\navex15.sys [2009-8-8 875728]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
=============== Created Last 30 ================
==================== Find3M ====================
2009-08-08 09:55 103,257 a------- c:\windows\system32\hjgruirssdompq.dat
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 19:03 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 06:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-10 21:38 4 ----h--- c:\windows\fonts\mlog
2009-07-10 11:02 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-05 21:14 50,200 a---h--- c:\windows\system32\mlfcache.dat
2009-07-01 13:21 155,676 a------- c:\windows\system32\nvModes.dat
2009-06-29 04:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 04:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 01:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 01:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 01:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-25 15:36 4,608 a------- c:\windows\system32\w95inf32.dll
2009-06-25 15:36 2,272 a------- c:\windows\system32\w95inf16.dll
2009-06-25 01:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 01:17 729,600 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:17 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:17 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:17 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:17 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 01:17 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 04:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 04:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 04:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-22 04:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 04:35 92,544 a------- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 04:35 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 20:25 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 20:25 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 04:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 04:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 04:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 07:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-09 23:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 23:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-09 08:06 1,871,872 a------- c:\windows\system32\mstscax.dll
2009-06-09 08:06 1,871,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 12:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
============= FINISH: 15:13:50.62 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/5/2008 6:02:41 PM
System Uptime: 8/12/2009 12:02:48 PM (3 hours ago)
Motherboard: Dell Inc. | | 0WM416
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 78.477 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP227: 7/9/2009 10:10:50 PM - System Checkpoint
RP228: 7/9/2009 10:10:51 PM - System Checkpoint
RP229: 7/9/2009 10:10:51 PM - System Checkpoint
RP230: 7/9/2009 10:10:51 PM - System Checkpoint
RP231: 7/9/2009 10:10:51 PM - System Checkpoint
RP232: 7/9/2009 10:10:51 PM - System Checkpoint
RP233: 7/9/2009 10:10:52 PM - Software Distribution Service 3.0
RP234: 7/9/2009 10:10:52 PM - System Checkpoint
RP235: 7/9/2009 10:10:52 PM - System Checkpoint
RP236: 7/9/2009 10:10:52 PM - System Checkpoint
RP237: 7/9/2009 10:10:52 PM - System Checkpoint
RP238: 7/9/2009 10:10:52 PM - System Checkpoint
RP239: 7/9/2009 10:10:53 PM - Software Distribution Service 3.0
RP240: 7/9/2009 10:10:53 PM - System Checkpoint
RP241: 7/9/2009 10:10:53 PM - System Checkpoint
RP242: 7/9/2009 10:10:53 PM - System Checkpoint
RP243: 7/9/2009 10:10:53 PM - System Checkpoint
RP244: 7/9/2009 10:10:53 PM - System Checkpoint
RP245: 7/9/2009 10:10:54 PM - System Checkpoint
RP246: 7/9/2009 10:10:54 PM - System Checkpoint
RP247: 7/9/2009 10:10:54 PM - Software Distribution Service 3.0
RP248: 7/9/2009 10:10:55 PM - System Checkpoint
RP249: 7/9/2009 10:10:56 PM - System Checkpoint
RP250: 7/9/2009 10:10:57 PM - System Checkpoint
RP251: 7/9/2009 10:10:57 PM - System Checkpoint
RP252: 7/9/2009 10:10:57 PM - Printer Driver Microsoft Office Document Image Writer Installed
RP253: 7/9/2009 10:10:57 PM - System Checkpoint
RP254: 7/9/2009 10:10:58 PM - System Checkpoint
RP255: 7/9/2009 10:10:58 PM - System Checkpoint
RP256: 7/9/2009 10:10:58 PM - System Checkpoint
RP257: 7/9/2009 10:10:58 PM - System Checkpoint
RP258: 7/9/2009 10:10:58 PM - System Checkpoint
RP259: 7/9/2009 10:10:59 PM - System Checkpoint
RP260: 7/9/2009 10:10:59 PM - System Checkpoint
RP261: 7/9/2009 10:10:59 PM - System Checkpoint
RP262: 7/9/2009 10:10:59 PM - System Checkpoint
RP263: 7/9/2009 10:10:59 PM - Software Distribution Service 3.0
RP264: 7/9/2009 10:11:00 PM - System Checkpoint
RP265: 7/9/2009 10:11:00 PM - System Checkpoint
RP266: 7/9/2009 10:11:00 PM - System Checkpoint
RP267: 7/9/2009 10:11:00 PM - System Checkpoint
RP268: 7/9/2009 10:11:00 PM - System Checkpoint
RP269: 7/9/2009 10:11:00 PM - System Checkpoint
RP270: 7/9/2009 10:11:00 PM - System Checkpoint
RP271: 7/9/2009 10:11:01 PM - System Checkpoint
RP272: 7/9/2009 10:11:01 PM - Installed FinePixViewer Ver.3.0
RP273: 7/9/2009 10:11:01 PM - System Checkpoint
RP274: 7/9/2009 10:11:01 PM - Configured FinePixViewer Ver.3.0
RP275: 7/9/2009 10:11:01 PM - Installed FinePixViewer Ver.3.0
RP276: 7/9/2009 10:11:01 PM - System Checkpoint
RP277: 7/9/2009 10:11:02 PM - Configured FinePixViewer Ver.3.0
RP278: 7/9/2009 10:11:02 PM - System Checkpoint
RP279: 7/9/2009 10:11:02 PM - System Checkpoint
RP280: 7/9/2009 10:11:02 PM - System Checkpoint
RP281: 7/9/2009 10:11:02 PM - System Checkpoint
RP282: 7/9/2009 10:11:02 PM - System Checkpoint
RP283: 8/8/2009 12:26:00 PM - System Checkpoint
RP284: 8/12/2009 9:47:13 AM - Software Distribution Service 3.0
==== Installed Programs ======================
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 1.6FP
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
Conexant HDA D330 MDC V.92 Modem
Copernic Desktop Search 2
Critical Update for Windows Media Player 11 (KB959772)
Dell Touchpad
DellSupport
Digital Line Detect
FUJIFILM USB Driver
getPlus(R)_dll
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB934428-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB937930)
Hotfix for Windows XP (KB952287)
IBM Printer Software Uninstall
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) 6 Update 5
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.0.13)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSMail2003
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mZConfig
NetWaiting
NVIDIA Drivers
OMCI
PGP Desktop
PowerDVD
QuickSet
QuickTime
Safari
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Symantec AntiVirus
TeraCopy 2.0 beta 3
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
8/7/2009 9:31:51 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001CBFC9949F has been denied by the DHCP server 192.168.0.30 (The DHCP Server sent a DHCPNACK message).
8/7/2009 8:05:51 AM, error: Dhcp [1002] - The IP address lease 192.168.0.117 for the Network Card with network address 001CBFC9949F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/6/2009 12:24:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/5/2009 9:59:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Symantec AntiVirus Definition Watcher service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The SavRoam service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The PGPserv service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Broadcom ASF IP and SMBIOS Mailbox Monitor service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:32 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 9:58:31 AM, error: Service Control Manager [7034] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:31 AM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:31 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 9:58:31 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
8/5/2009 11:12:02 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 8a30dda0, parameter3 8a30df14, parameter4 805d1650.
8/5/2009 11:02:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
8/5/2009 10:25:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm SAVRT SYMTDI
8/5/2009 10:24:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2009 10:24:13 AM, error: NETLOGON [5719] - No Domain Controller is available for domain MLC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
8/5/2009 10:06:32 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:05:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:04:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:03:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:02:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:01:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/5/2009 10:00:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
==== End Of File ===========================
GMER 1.0.15.15020 [j8lf01ol.exe] - http://www.gmer.net
Rootkit scan 2009-08-12 16:27:04
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT E1969358 ZwConnectPort
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs PGPfsfd.sys (PGP FSFD/PGP Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \FileSystem\Fastfat \Fat A2519C8A
AttachedDevice \FileSystem\Fastfat \Fat PGPfsfd.sys (PGP FSFD/PGP Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
---- Services - GMER 1.0.15 ----
Service system32\drivers\hjgruiymethtsd.sys (*** hidden *** ) [SYSTEM] hjgruicpkohflo <-- ROOTKIT !!!
Service system32\drivers\UACespixdpa.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo@imagepath \systemroot\system32\drivers\hjgruiymethtsd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruiymethtsd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgruicmd.dll \systemroot\system32\hjgruijkltobiq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgruilog.dat \systemroot\system32\hjgruirssdompq.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgruiwsp.dll \systemroot\system32\hjgruijdqlrrxe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruicpkohflo\modules@hjgrui.dat \systemroot\system32\hjgruipxmynsml.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACespixdpa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpfsmuwkt.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACetoiepfe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo@imagepath \systemroot\system32\drivers\hjgruiymethtsd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruiymethtsd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgruicmd.dll \systemroot\system32\hjgruijkltobiq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgruilog.dat \systemroot\system32\hjgruirssdompq.dat
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgruiwsp.dll \systemroot\system32\hjgruijdqlrrxe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruicpkohflo\modules@hjgrui.dat \systemroot\system32\hjgruipxmynsml.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACespixdpa.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACpfsmuwkt.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACetoiepfe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors
---- EOF - GMER 1.0.15 ----