Malware Removal Information

Haxdoor - Goldun

Haxfix can delete the following variants of Haxdoor, Goldun - Haxspy and SpyBanker:
(**** is the random part: the haxdoorkey, without the numbers, that is used in option 3.)

Haxdoor: ****32.dll

All variants from this type: O20 - Winlogon Notify: ****32 - C:\WINDOWS\SYSTEM32\****32.dll

avpe32
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
TCPIP2 Kernel32: \??\C:\WINDOWS\System32\avpe64.sys (autostart)
TCPIP2 Kernel: \??\C:\WINDOWS\System32\avpe64.sys (system)

avpx32
O20 - Winlogon Notify: avpx32 - C:\WINDOWS\SYSTEM32\avpx32.dll

avpi32
O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32.dll

avpp32
O20 - Winlogon Notify: avpp32 - C:\WINDOWS\SYSTEM32\avpp32.dll

avpu32
O20 - Winlogon Notify: avpu32 - C:\WINDOWS\SYSTEM32\avpu32.dll

fuxx32
O20 - Winlogon Notify: fuxx32 - C:\WINDOWS\SYSTEM32\fuxx32.dll

cert32
O20 - Winlogon Notify: cert32 - C:\WINDOWS\SYSTEM32\cert32.dll

tcpR32
O20 - Winlogon Notify: tcpR32 - C:\WINDOWS\SYSTEM32\tcpR32.dll

axxt32
O20 - Winlogon Notify: axxt32 - C:\WINDOWS\SYSTEM32\axxt32.dll

winm32
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
winm TCP: \??\C:\WINDOWS\System32\winm32.sys (autostart)
winm64 TCP: \??\C:\WINDOWS\System32\winm64.sys (system)

snda32
O20 - Winlogon Notify: snda32 - C:\WINDOWS\SYSTEM32\snda32.dll

sndu32
O20 - Winlogon Notify: sndu32 - C:\WINDOWS\SYSTEM32\sndu32.dll

lanH32
O20 - Winlogon Notify: lanH32 - C:\WINDOWS\SYSTEM32\lanH32.dll
LAN FW adapter: \??\C:\WINDOWS\System32\lanH64.sys (autostart)
LAN MSFW adapter: \??\C:\WINDOWS\System32\lanH64.sys (system)

twpR32
O20 - Winlogon Notify: twpR32 - C:\WINDOWS\SYSTEM32\twpR32.dll

pptp32
O20 - Winlogon Notify: pptp32 - C:\WINDOWS\SYSTEM32\pptp32.dll
MMX2 virtualization service: \??\C:\WINDOWS\System32\pptp64.sys (autostart)
MMX virtualization service: \??\C:\WINDOWS\System32\pptp64.sys (system)

semd32
O20 - Winlogon Notify: semd32 - C:\WINDOWS\SYSTEM32\semd32.dll
SE 3.2 memory driver: \??\C:\WINDOWS\System32\semd64.sys (autostart)
SE 3.0 memory driver: \??\C:\WINDOWS\System32\semd64.sys (system)

mmxF32
O20 - Winlogon Notify: mmxF32 - C:\WINDOWS\SYSTEM32\mmxF32.dll
MMX2 virtualization service: \??\C:\WINDOWS\System32\mmxF64.sys (autostart)
MMX virtualization service: \??\C:\WINDOWS\System32\mmxF64.sys (system)

xmsk32
O20 - Winlogon Notify: xmsk32 - C:\WINDOWS\SYSTEM32\xmsk32.dll

regP32
O20 - Winlogon Notify: regP32 - C:\WINDOWS\SYSTEM32\regP32.dll
Registry protect service 2: \??\C:\WINDOWS\System32\regP32.sys (autostart)
Registry protect service: \??\C:\WINDOWS\System32\regP64.sys (system)

mmx432
O20 - Winlogon Notify: mmx432 - C:\WINDOWS\SYSTEM32\mmx432.dll
MMX Virtualization Service: \??\C:\WINDOWS\System32\mmx464.sys (autostart)
MMX2 Virtualization Service: \??\C:\WINDOWS\System32\mmx464.sys (autostart)

sslx32
O20 - Winlogon Notify: sslx32 - C:\WINDOWS\SYSTEM32\sslx32.dll


Haxdoor: ****16.dll

All variants from this type: O20 - Winlogon Notify: ****16 - C:\WINDOWS\SYSTEM32\****16.dll

xptp16
O20 - Winlogon Notify: xptp16 - C:\WINDOWS\SYSTEM32\xptp16.dll
XPPTP winsock version 2: \??\C:\WINDOWS\System32\xptp24.sys (autostart)
XPPTP winsock: \??\C:\WINDOWS\System32\xptp24.sys (system)

pptp16
O20 - Winlogon Notify: pptp16 - C:\WINDOWS\SYSTEM32\pptp16.dll
MMX2 virtualization service: \??\C:\WINDOWS\System32\pptp24.sys (autostart)
MMX virtualization service: \??\C:\WINDOWS\System32\pptp24.sys (system)

ppts16
O20 - Winlogon Notify: ppts16 - C:\WINDOWS\SYSTEM32\ppts16.dll
MMX2 emulation service: \??\C:\WINDOWS\System32\ppts24.sys (autostart)
MMX emulation service: \??\C:\WINDOWS\System32\ppts24.sys (system)

skyx16
O20 - Winlogon Notify: skyx16 - C:\WINDOWS\SYSTEM32\skyx16.dll
DVBa emulation service: \??\C:\WINDOWS\System32\skyx24.sys (autostart)
DVB emulation service: \??\C:\WINDOWS\System32\skyx24.sys (system)

skyu16
O20 - Winlogon Notify: skyu16 - C:\WINDOWS\SYSTEM32\skyu16.dll
DVB X11 controller¹: \??\C:\WINDOWS\System32\skyu24.sys (autostart)
DVBa X11 controllerë
DVB X11 controller¹: \??\C:\WINDOWS\System32\skyu24.sys (system)


Haxdoor: ****xt.dll

All variants from this type: O20 - Winlogon Notify: ****xt - C:\WINDOWS\SYSTEM32\****xt.dll

mmx4xt
O20 - Winlogon Notify: mmx4xt - C:\WINDOWS\SYSTEM32\mmx4xt.dll
MMX virtualization service: \??\C:\WINDOWS\System32\mmx4xm.sys (system)
MMX2 virtualization service: \??\C:\WINDOWS\System32\mmx4xm.sys (autostart)

Haxdoor: ****tt.dll
All variants from this type: O20 - Winlogon Notify: ****tt - C:\WINDOWS\SYSTEM32\****tt.dll

xptptt
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
XPPTP 0x24 winsock: \??\C:\WINDOWS\System32\xptpmm.sys (system)
XPPTP 0x25 winsock: \??\C:\WINDOWS\System32\xptpmm.sys (autostart)

xdudtt
O20 - Winlogon Notify: xdudtt - C:\WINDOWS\SYSTEM32\xdudtt.dll
XPPTP 0x24 winsock: \??\C:\WINDOWS\System32\xdudmm.sys (system)
XPPTP 0x25 winsock: \??\C:\WINDOWS\System32\xdudmm.sys (autostart)


Haxdoor: ****dx.dll

All variants from this type: O20 - Winlogon Notify: ****dx - C:\WINDOWS\SYSTEM32\****dx.dll

wxtwdx
O20 - Winlogon Notify: wxtwdx - C:\WINDOWS\SYSTEM32\wxtwdx.dll
wxtwdu PNP DRIVER: \??\C:\WINDOWS\System32\wxtwdu.sys (system)
wxtw PNP DRIVER: \??\C:\WINDOWS\System32\wxtwdx.sys (autostart)

dxtpdx
O20 - Winlogon Notify: dxtpdx - C:\WINDOWS\SYSTEM32\dxtpdx.dll
MMX virtualization service: \??\C:\WINDOWS\System32\dxtpdh.sys (system)
MMX2 virtualization service: \??\C:\WINDOWS\System32\dxtpdx.sys (autostart)


Haxdoor: ****01.dll

All variants from this type: O20 - Winlogon Notify: ****01 - C:\WINDOWS\SYSTEM32\****01.dll

yvpp01
O20 - Winlogon Notify: yvpp01 - C:\WINDOWS\SYSTEM32\yvpp01.dll
NDIS OSI32: \??\C:\WINDOWS\System32\yvpp01.sys (autostart)
NDIS OSI: \??\C:\WINDOWS\System32\yvpp02.sys (system)

yvbb01
O20 - Winlogon Notify: yvbb01 - C:\WINDOWS\SYSTEM32\yvbb01.dll


Haxdoor: ****ax.dll

All variants from this type: O20 - Winlogon Notify: ****ax - C:\WINDOWS\SYSTEM32\****ax.dll

vistax
O20 - Winlogon Notify: vistax - C:\WINDOWS\SYSTEM32\vistax.dll
SE 3.0 memory driver: \??\C:\WINDOWS\System32\vistaj.sys (system)
SE 3.2 memory driver: \??\C:\WINDOWS\System32\vistaj.sys (autostart)


Haxdoor: ****3a.dll

All variants from this type: O20 - Winlogon Notify: ****3a - C:\WINDOWS\SYSTEM32\****3a.dll

dvb03a
O20 - Winlogon Notify: dvb03a - C:\WINDOWS\SYSTEM32\dvb03a.dll

Haxdoor: ****gs.dll

All variants from this type: O20 - Winlogon Notify: ****gs - C:\WINDOWS\SYSTEM32\****gs.dll

sertgs
O20 - Winlogon Notify: sertgs - C:\WINDOWS\SYSTEM32\sertgs.dll
TCPIP2 Kernel: \??\C:\WINDOWS\System32\sertgm.sys (system)
TCPIP2 Kernel32: \??\C:\WINDOWS\System32\sertgm.sys (autostart)

seppgs
O20 - Winlogon Notify: seppgs - C:\WINDOWS\SYSTEM32\seppgs.dll
STK Bi 001: \??\C:\WINDOWS\System32\seppgm.sys (system)
STK Bi 002: \??\C:\WINDOWS\System32\seppgm.sys (autostart)

xcttgs
O20 - Winlogon Notify: xcttgs - C:\WINDOWS\SYSTEM32\xcttgs.dll
STK Bi 001: \??\C:\WINDOWS\System32\xcttgm.sys (system)
STK Bi 002: \??\C:\WINDOWS\System32\xcttgm.sys (autostart)


Haxdoor: ****hh.dll

All variants from this type: O20 - Winlogon Notify: ****hh - C:\WINDOWS\SYSTEM32\****hh.dll

bmtdhh
O20 - Winlogon Notify: bmtdhh - C:\WINDOWS\SYSTEM32\bmtdhh.dll
DVB X11 controller: \??\C:\WINDOWS\System32\bmtdhk.sys (autostart)
DVBa X11 controller: \??\C:\WINDOWS\System32\bmtdhk.sys (system)


Haxdoor: ****44.dll

All variants from this type: O20 - Winlogon Notify: ****44 - C:\WINDOWS\SYSTEM32\****44.dll

winf44
O20 - Winlogon Notify: winf44 - C:\WINDOWS\SYSTEM32\winf44.dll
winm TCP: \??\C:\WINDOWS\System32\winf44.sys (autostart)
winf49 TCP: \??\C:\WINDOWS\System32\winf49.sys (system)


Haxdoor: lanmui.dll

O20 - Winlogon Notify: lanmui - C:\WINDOWS\SYSTEM32\lanmui.dll
LAN FW adapter: \??\C:\WINDOWS\System32\lannui.sys (autostart)
LAN MSFW adapter: \??\C:\WINDOWS\System32\lannui.sys (system)

Haxdoor: twpkad.dll

O20 - Winlogon Notify: twpkad - C:\WINDOWS\SYSTEM32\twpkad.dll
UDP32 netbios mapping: \??\C:\WINDOWS\System32\twpkbd.sys (autostart)
NETLINK mapping: \??\C:\WINDOWS\System32\twpkbd.sys (system)

Haxdoor: debugg.dll

O20 - Winlogon Notify: debugg - C:\WINDOWS\SYSTEM32\debugg.dll

Haxdoor: yvsvga.dll

O20 - Winlogon Notify: yvsvga - C:\WINDOWS\SYSTEM32\yvsvga.dll
NDIS OSI: System32\ycsvga.sys (system)

Haxdoor: xmm13g.dll

O20 - Winlogon Notify: xmm13g - C:\WINDOWS\SYSTEM32\xmm13g.dll
MMX virtualization service: \??\C:\WINDOWS\System32\mmx19g.sys (system)
MMX2 virtualization service: \??\C:\WINDOWS\System32\mmx19g.sys (autostart)

Haxdoor: mmx17g.dll

O20 - Winlogon Notify: mmx17g - C:\WINDOWS\SYSTEM32\mmx17g.dll

Haxdoor: yvprgb.dll

O20 - Winlogon Notify: yvprgb - c:\windows\system32\yvprgb.dll
YVPB video output: \??\C:\WINDOWS\system32\ycsrgb.sys (system)
RGB video output: \??\C:\WINDOWS\system32\ycsrga.sys (autostart)

Haxdoor: rxx5ot.dll

O20 - Winlogon Notify: rxx5ot - C:\WINNT\SYSTEM32\rxx5ot.dll

Haxdoor: ydsvgd.dll

O20 - Winlogon Notify: ydsvgd - C:\WINDOWS\SYSTEM32\ydsvgd.dll

Haxdoor: xopptp.dll

O20 - Winlogon Notify: xopptp - C:\WINDOWS\SYSTEM32\xopptp.dll
YVPB video output: \??\C:\WINDOWS\system32\xdpptp.sys (system)
xopptp.dll
xdpptp.sys
xopptp.sys

Haxdoor: yvdrgb.dll

O20 - Winlogon Notify: yvdrgb - C:\WINDOWS\SYSTEM32\yvdrgb.dll
YVPB video output: \??\C:\WINDOWS\System32\ycsrgb.sys (system)
RGB video output: \??\C:\WINDOWS\System32\ycsrga.sys (autostart)
yvdrgb.dll
ycsrgb.sys

Haxdoor: emul65.dll

O20 - Winlogon Notify: emul65 - C:\WINDOWS\SYSTEM32\emul65.dll
DCode emulator A37: \??\C:\WINDOWS\System32\emul37.sys (system)
DCode emulator: \??\C:\WINDOWS\System32\emul65.sys (autostart)
emul65.dll
emul65.sys
emul37.sys

Haxdoor: wnmicf.dll

O20 - Winlogon Notify: wnmicf - C:\WINDOWS\SYSTEM32\wnmicf.dll
MClear Service: \??\C:\WINDOWS\System32\wnmicf.sys (autostart)
FClear Service: \??\C:\WINDOWS\System32\wnmifc.sys (system)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wnmicf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wnmifc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmicf.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\wnmifc.sys
wnmicf.dll
wnmicf.sys
wnmifc.sys

Haxdoor: rmk8ot.dll

O20 - Winlogon Notify: rmk8ot - C:\WINDOWS\SYSTEM32\rmk8ot.dll
MMX2 virtualization service: \??\C:\WINDOWS\System32\rmk9ot.sys (autostart)
MMX virtualization service: \??\C:\WINDOWS\System32\rmk9ot.sys (system)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk8ot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rmk9ot
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk8ot.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\rmk9ot.sys
rmk8ot.dll
rmk8ot.sys
rmk9ot.sys

Haxdoor: svkvpn.dll

O20 - Winlogon Notify: svkvpn - C:\WINDOWS\SYSTEM32\svkvpn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\svkvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svjvpn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\svjvpn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svjvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svkvpn
MCRT accelerator: \??\C:\WINDOWS\System32\svjvpn.sys (system)
DCRT acceleratorU‹ìè: \??\C:\WINDOWS\System32\svjvpm.sys (autostart)
svkvpn.dll
svjvpn.sys
svkvpn.sys

Haxdoor: utgrbe.dll

O20 - Winlogon Notify: utgrbe - C:\WINDOWS\SYSTEM32\utgrbe.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\utgrbe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\utgrbe.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ufgrbe.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ufgrbe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\utgrbe
utgrbe.dll
utgrbe.sys
ufgrbe.sys

Haxdoor: eetvpn.dll

O20 - Winlogon Notify: eetvpn - C:\WINDOWS\SYSTEM32\eetvpn.dll
MCRT accelerator: \??\C:\WINDOWS\System32\eexvpn.sys (system)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\eetvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eetvpn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\eexvpn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eetvpn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eexvpn
eetvpn.dll
eetvpn.sys
eexvpn.sys

Haxdoor: wsmsag.dll

O20 - Winlogon Notify: wsmsag - C:\WINDOWS\SYSTEM32\wsmsag.dll
RGB video output: \??\C:\WINDOWS\System32\mswsaf.sys (autostart)
IPSTK driver: \??\C:\WINDOWS\System32\mswsag.sys (system)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wsmsag
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wsmsag
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mswsag
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mswsag.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mswsag.sys
wsmsag.dll
mswsag.sys
wsmsag.sys

Haxdoor: ovrscn.dll

O20 - Winlogon Notify: ovrscn - C:\WINDOWS\SYSTEM32\ovrscn.dll
Memory SCN X1: \??\C:\WINDOWS\System32\ovrscn.sys (autostart)
Memory SCN: \??\C:\WINDOWS\System32\ovwscn.sys (system)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ovrscn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ovrscn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ovwscn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ovrscn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovrscn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovwscn.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ovwscn.sys
ovrscn.dll
ovrscn.sys
ovwscn.sys

Haxdoor: rgbopx.dll

O20 - Winlogon Notify: rgbopx - C:\WINDOWS\SYSTEM32\rgbopx.dll
YVPB video output: \??\C:\WINDOWS\system32\ycsrgb.sys
RGB video output: \??\C:\WINDOWS\system32\ycsrga.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rgbopx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rgbopx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ycsrgb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rgbopx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ycsrgb.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rgbopx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ycsrgb.sys
rgbopx.dll
ycsrgb.sys
ycsrga.sys

Haxdoor: ewsmsg.dll

O20 - Winlogon Notify: ewsmsg - C:\WINDOWS\SYSTEM32\ewsmsg.dll
HDTV video output: \??\C:\WINDOWS\system32\gmswsa.sys (autostart)
IPV6STK driver: \??\C:\WINDOWS\system32\gmswsa.sys (system)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ewsmsg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gmswsa
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gmswsa.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\gmswsa.sys
C:\WINDOWS\SYSTEM32\ewsmsg.dll
C:\WINDOWS\SYSTEM32\ewsmsg.sys
C:\WINDOWS\SYSTEM32\gmswsa.sys

Haxdoor: upsctl.dll

O20 - Winlogon Notify: upsctl - C:\WINDOWS\SYSTEM32\upsctl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\upsctl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upsc
Uninterruptible Power Supply CRT: \\C:\WINDOWS\system32\upscr.sys (system)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\upscr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\upscr.sys
hrs.bin
upscr.sys
upsctl.dll

Notify keys:
O20 - Winlogon Notify: acpiz - C:\WINDOWS\SYSTEM32\acpiz.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acpiz]

O20 - Winlogon Notify: aeskap - C:\WINDOWS\SYSTEM32\aeskap.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\aeskap

O20 - Winlogon Notify: agpbrdg0 - C:\WINDOWS\SYSTEM32\agpbrdg0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\agpbrdg0

O20 - Winlogon Notify: alcomt - C:\WINDOWS\SYSTEM32\alcomt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\alcomt

O20 - Winlogon Notify: alcopt - C:\WINDOWS\SYSTEM32\alcopt.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\alcopt

O20 - Winlogon Notify: arprmdg0 - C:\WINDOWS\SYSTEM32\arprmdg0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arprmdg0

O20 - Winlogon Notify: asplug - C:\WINDOWS\SYSTEM32\asplug.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\asplug

O20 - Winlogon Notify: asusrx20 - C:\WINDOWS\SYSTEM32\asusrx20.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\asusrx20

O20 - Winlogon Notify: ati2kaag - C:\WINDOWS\SYSTEM32\ati2kaag.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ati2kaag

O20 - Winlogon Notify: ati2krtg - C:\WINDOWS\SYSTEM32\ati2krtg.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ati2krtg

O20 - Winlogon Notify: ati2paag - C:\WINDOWS\SYSTEM32\ati2paag.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ati2paag

O20 - Winlogon Notify: atiddaxx - C:\WINDOWS\SYSTEM32\atiddaxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\atiddaxx

O20 - Winlogon Notify: atietaxx - C:\WINDOWS\SYSTEM32\atietaxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\atietaxx

O20 - Winlogon Notify: atixdaxx - C:\WINDOWS\SYSTEM32\atixdaxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\atixdaxx

O20 - Winlogon Notify: atixdbxx - C:\WINDOWS\SYSTEM32\atixdbxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\atixdbxx

O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avload32

O20 - Winlogon Notify: axdebugl - C:\WINDOWS\SYSTEM32\axdebugl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\axdebugl

O20 - Winlogon Notify: bootrom8 - C:\WINDOWS\SYSTEM32\bootrom8.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bootrom8

O20 - Winlogon Notify: bt848rom - C:\WINDOWS\SYSTEM32\bt848rom.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bt848rom

O20 - Winlogon Notify: cabpck - C:\WINDOWS\SYSTEM32\cabpck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cabpck

O20 - Winlogon Notify: cdscsix3 - C:\WINDOWS\SYSTEM32\cdscsix3.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cdscsix3

O20 - Winlogon Notify: cryptmd5 - C:\WINDOWS\SYSTEM32\cryptmd5.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptmd5

O20 - Winlogon Notify: ctasys - C:\WINDOWS\SYSTEM32\ctasys.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ctasys

O20 - Winlogon Notify: ctlsys - C:\WINDOWS\SYSTEM32\ctlsys.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ctlsys

O20 - Winlogon Notify: ddirectz - C:\WINDOWS\SYSTEM32\ddirectz.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddirectz

O20 - Winlogon Notify: datcom - C:\WINDOWS\SYSTEM32\datcom.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\datcom

O20 - Winlogon Notify: datmps - C:\WINDOWS\SYSTEM32\datmps.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\datmps

O20 - Winlogon Notify: dbbin - C:\WINDOWS\SYSTEM32\dbbin.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbbin

O20 - Winlogon Notify: ddrawxt - C:\WINDOWS\SYSTEM32\ddrawxt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddrawxt

O20 - Winlogon Notify: directpt - C:\WINDOWS\SYSTEM32\directpt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\directpt

O20 - Winlogon Notify: directut - C:\WINDOWS\SYSTEM32\directut.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\directut

O20 - Winlogon Notify: divxps - C:\WINDOWS\SYSTEM32\divxps.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\divxps

O20 - Winlogon Notify: divxrs - C:\WINDOWS\SYSTEM32\divxrs.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\divxrs

O20 - Winlogon Notify: docent0 - C:\WINDOWS\SYSTEM32\docent0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\docent0

O20 - Winlogon Notify: docent2 - C:\WINDOWS\SYSTEM32\docent2.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\docent2

O20 - Winlogon Notify: droute - C:\WINDOWS\SYSTEM32\droute.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\droute

O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvd4free

O20 - Winlogon Notify: eeekp - C:\WINDOWS\SYSTEM32\eeekp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\eeekp

O20 - Winlogon Notify: emldvc - C:\WINDOWS\SYSTEM32\emldvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\emldvc

O20 - Winlogon Notify: extxerox - c:\WINDOWS\SYSTEM32\extxerox.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\extxerox

O20 - Winlogon Notify: extfpu - C:\WINDOWS\SYSTEM32\extfpu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\extfpu

O20 - Winlogon Notify: fanxctrl - C:\WINDOWS\SYSTEM32\fanxctrl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fanxctrl

O20 - Winlogon Notify: flashdma - C:\WINDOWS\SYSTEM32\flashdma.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\flashdma

O20 - Winlogon Notify: gatwxkey - C:\WINDOWS\SYSTEM32\gatwxkey.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gatwxkey

O20 - Winlogon Notify: gzipmod - C:\WINDOWS\SYSTEM32\gzipmod.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gzipmod

O20 - Winlogon Notify: f3dsl - C:\WINDOWS\SYSTEM32\lsd_f3.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\f3dsl

O20 - Winlogon Notify: F8adsl - C:\WINDOWS\SYSTEM32\F8adsl.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\F8adsl

O20 - Winlogon Notify: flashdrvr - C:\WINDOWS\SYSTEM32\flashdrvr.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\flashdrvr

O20 - Winlogon Notify: gatexkey - C:\WINDOWS\SYSTEM32\gatexkey.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gatexkey

O20 - Winlogon Notify: gdiwxp - C:\WINDOWS\SYSTEM32\gdiwxp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gdiwxp

O20 - Winlogon Notify: gdwxp3 - C:\WINDOWS\System32\gdwxp3.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gdwxp3

O20 - Winlogon Notify: hdtvu6 - C:\WINDOWS\SYSTEM32\hdtvu6.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hdtvu6

O20 - Winlogon Notify: hinet - C:\WINDOWS\SYSTEM32\hinet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hinet

O20 - Winlogon Notify: hpprintx - C:\WINDOWS\SYSTEM32\hpprintx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hpprintx

O20 - Winlogon Notify: hpstp - C:\WINDOWS\SYSTEM32\hpstp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hpstp]

O20 - Winlogon Notify: i975gl - C:\WINDOWS\SYSTEM32\i975gl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\i975gl

O20 - Winlogon Notify: ibudu - C:\WINDOWS\SYSTEM32\ibudu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ibudu

O20 - Winlogon Notify: ideusr50 - C:\WINDOWS\SYSTEM32\ideusr50.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ideusr50

O20 - Winlogon Notify: ies4dll - C:\WINDOWS\SYSTEM32\ies4dll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ies4dll

O20 - Winlogon Notify: iesdl4l - C:\WINDOWS\SYSTEM32\iesdl4l.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iesdl4l

O20 - Winlogon Notify: iokey - C:\WINDOWS\system32\iokey.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iokey

O20 - Winlogon Notify: ipfwrd - C:\WINDOWS\system32\ipfwrd.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ipfwrd

O20 - Winlogon Notify: isodvrtg - C:\WINDOWS\SYSTEM32\isodvrtg.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\isodvrtg

O20 - Winlogon Notify: jstdrv - C:\WINDOWS\SYSTEM32\jstdrv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jstdrv

O20 - Winlogon Notify: ke32paag - C:\WINDOWS\SYSTEM32\ke32paag.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ke32paag

O20 - Winlogon Notify: ke64boot - C:\WINDOWS\SYSTEM32\ke64boot.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ke64boot

O20 - Winlogon Notify: kryostm - C:\WINDOWS\SYSTEM32\kryostm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kryostm

O20 - Winlogon Notify: ksapgh - C:\WINDOWS\SYSTEM32\ksapgh.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ksapgh

O20 - Winlogon Notify: lgn1216a - C:\WINDOWS\SYSTEM32\lgn1216a.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lgn1216a

O20 - Winlogon Notify: linksrv0 - C:\WINDOWS\SYSTEM32\linksrv0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\linksrv0

O20 - Winlogon Notify: logon032 - C:\WINDOWS\SYSTEM32\logon032.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logon032

O20 - Winlogon Notify: logon16x - C:\WINDOWS\SYSTEM32\logon16x.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logon16x

O20 - Winlogon Notify: mcfCC4 - C:\WINDOWS\SYSTEM32\mcfCC4.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcfCC4

O20 - Winlogon Notify: mcfG7A - C:\WINDOWS\SYSTEM32\mcfG7A.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcfG7A

O20 - Winlogon Notify: mckwave - C:\WINDOWS\system32\mckwave.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mckwave

O20 - Winlogon Notify: mcrwave - C:\WINDOWS\SYSTEM32\mcrwave.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcrwave

O20 - Winlogon Notify: md4hsh - C:\WINDOWS\SYSTEM32\md4hsh.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\md4hsh

O20 - Winlogon Notify: mdhash - C:\WINDOWS\SYSTEM32\mdhash.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhash

O20 - Winlogon Notify: mdfpro - C:\WINDOWS\SYSTEM32\mdfpro.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdfpro

O20 - Winlogon Notify: mi5035a0 - C:\WINDOWS\SYSTEM32\mi5035a0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mi5035a0

O20 - Winlogon Notify: mmcdll - C:\WINDOWS\SYSTEM32\mmcdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mmcdll

O20 - Winlogon Notify: mmxeroxk - C:\WINDOWS\SYSTEM32\mmxeroxk.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mmxeroxk

O20 - Winlogon Notify: modgzip - C:\WINDOWS\system32\modgzip.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\modgzip

O20 - Winlogon Notify: modzlib - C:\WINDOWS\system32\modzlib.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\modzlib

O20 - Winlogon Notify: mp3res - C:\WINDOWS\SYSTEM32\mp3res.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mp3res

O20 - Winlogon Notify: mplink - C:\WINDOWS\SYSTEM32\mplink.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mplink

O20 - Winlogon Notify: mt47hub - C:\WINDOWS\SYSTEM32\mt47hub.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mt47hub

O20 - Winlogon Notify: mt49hub - C:\WINDOWS\SYSTEM32\mt49hub.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mt49hub

O20 - Winlogon Notify: nclabydll - C:\WINDOWS\SYSTEM32\nclabydll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nclabydll

O20 - Winlogon Notify: netprp - C:\WINDOWS\SYSTEM32\netprp.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\netprp

O20 - Winlogon Notify: netwrp - C:\WINDOWS\SYSTEM32\netwrp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\netwrp

O20 - Winlogon Notify: nkunpack - C:\WINDOWS\SYSTEM32\nkunpack.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nkunpack

O20 - Winlogon Notify: ntpdxt - C:\WINDOWS\SYSTEM32\ntpdxt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ntpdxt

O20 - Winlogon Notify: nucdrvdll - C:\WINDOWS\SYSTEM32\nucdrvdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nucdrvdll

O20 - Winlogon Notify: nuclabdll - C:\WINDOWS\SYSTEM32\nuclabdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nuclabdll

O20 - Winlogon Notify: nvsystl0 - C:\WINDOWS\SYSTEM32\nvsystl0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nvsystl0

O20 - Winlogon Notify: obbf115 - C:\WINDOWS\SYSTEM32\obbf115.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\obbf115

O20 - Winlogon Notify: obbn13t - C:\WINDOWS\SYSTEM32\obbn13t.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\obbn13t

O20 - Winlogon Notify: oedes - C:\WINDOWS\SYSTEM32\oedes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\oedes

O20 - Winlogon Notify: openglss - C:\WINDOWS\SYSTEM32\openglss.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\openglss

O20 - Winlogon Notify: openglwx - C:\WINDOWS\SYSTEM32\openglwx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\openglwx

O20 - Winlogon Notify: pasksa - C:\WINDOWS\SYSTEM32\pasksa.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pasksa

O20 - Winlogon Notify: pcixmm - C:\WINDOWS\SYSTEM32\pcixmm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pcixmm

O20 - Winlogon Notify: pemulx86 - C:\WINDOWS\SYSTEM32\pemulx86.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pemulx86

O20 - Winlogon Notify: pmod11 - C:\WINDOWS\SYSTEM32\pmod11.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmod11

O20 - Winlogon Notify: powerxt - C:\WINDOWS\SYSTEM32\powerxt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\powerxt

O20 - Winlogon Notify: pptpr - C:\WINDOWS\SYSTEM32\pptpr.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pptpr

O20 - Winlogon Notify: priarsz - C:\WINDOWS\SYSTEM32\priarsz.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\priarsz

O20 - Winlogon Notify: printpnp - C:\WINDOWS\SYSTEM32\printpnp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpnp

O20 - Winlogon Notify: printpn2 - C:\WINDOWS\SYSTEM32\printpn2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\printpn2

O20 - Winlogon Notify: prtsks - C:\WINDOWS\SYSTEM32\prtsks.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\prtsks

O20 - Winlogon Notify: prwsks - C:\WINDOWS\SYSTEM32\prwsks.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\prwsks

O20 - Winlogon Notify: psksds - C:\WINDOWS\SYSTEM32\psksds.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psksds

O20 - Winlogon Notify: px86emul - C:\WINDOWS\SYSTEM32\px86emul.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\px86emul

O20 - Winlogon Notify: qhdtvv - C:\WINDOWS\SYSTEM32\qhdtvv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qhdtvv

O20 - Winlogon Notify: ramdmm - C:\WINDOWS\SYSTEM32\ramdmm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ramdmm

O20 - Winlogon Notify: rdrVR2 - C:\WINDOWS\SYSTEM32\rdrVR2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rdrVR2

O20 - Winlogon Notify: rege2usb - C:\WINDOWS\SYSTEM32\rege2usb.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rege2usb

O20 - Winlogon Notify: rksocket - C:\WINDOWS\SYSTEM32\rksocket.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rksocket

O20 - Winlogon Notify: rlx51dom - C:\WINDOWS\SYSTEM32\rlx51dom.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rlx51dom

O20 - Winlogon Notify: rlx5dom1 - C:\WINDOWS\SYSTEM32\rlx5dom1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rlx5dom1

O20 - Winlogon Notify: routew - C:\WINDOWS\SYSTEM32\routew.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\routew

O20 - Winlogon Notify: rsdapi - C:\WINDOWS\System32\rsdapi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rsdapi

O20 - Winlogon Notify: rssync - C:\WINDOWS\System32\rssync.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rssync

O20 - Winlogon Notify: satad640 - C:\WINDOWS\SYSTEM32\satad640.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\satad640

O20 - Winlogon Notify: satau320 - C:\WINDOWS\SYSTEM32\satau320.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\satau320

O20 - Winlogon Notify: satdll - C:\WINDOWS\SYSTEM32\satdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\satdll

O20 - Winlogon Notify: satmmc - C:\WINDOWS\SYSTEM32\satmmc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\satmmc

O20 - Winlogon Notify: sbfxi - C:\WINDOWS\system32\sbfxi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sbfxi

O20 - Winlogon Notify: sbrige - C:\WINDOWS\system32\sbrige.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sbrige

O20 - Winlogon Notify: scsi2usb - C:\WINDOWS\SYSTEM32\scsi2usb.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\scsi2usb

O20 - Winlogon Notify: scsiusr4 - C:\WINDOWS\SYSTEM32\scsiusr4.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\scsiusr4

O20 - Winlogon Notify: sdcard98 - C:\WINDOWS\SYSTEM32\sdcard98.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sdcard98

O20 - Winlogon Notify: se500mdm - C:\WINDOWS\SYSTEM32\se500mdm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\se500mdm

O20 - Winlogon Notify: se633mxx - C:\WINDOWS\SYSTEM32\se633mxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\se633mxx

O20 - Winlogon Notify: sha1hsh - C:\WINDOWS\SYSTEM32\sha1hsh.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sha1hsh

O20 - Winlogon Notify: sksdll - C:\WINDOWS\SYSTEM32\sksdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sksdll

O20 - Winlogon Notify: snjava - C:\WINDOWS\system32\snjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\snjava

O20 - Winlogon Notify: sphub - C:\WINDOWS\system32\sphub.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sphub

O20 - Winlogon Notify: status - C:\WINDOWS\SYSTEM32\status.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\status

O20 - Winlogon Notify: stfilter - C:\WINDOWS\SYSTEM32\stfilter.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\stfilter

O20 - Winlogon Notify: swapdm - C:\WINDOWS\system32\swapdm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\swapdm

O20 - Winlogon Notify: syncps - C:\WINDOWS\system32\syncps.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\syncps

O20 - Winlogon Notify: syslink - C:\WINDOWS\SYSTEM32\syslink.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\syslink

O20 - Winlogon Notify: sysprint - C:\WINDOWS\SYSTEM32\sysprint.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysprint

O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpG4T

O20 - Winlogon Notify: tcpGDC - C:\WINDOWS\SYSTEM32\tcpGDC.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpGDC

O20 - Winlogon Notify: tcpwrk - C:\WINDOWS\SYSTEM32\tcpwrk.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tcpwrk

O20 - Winlogon Notify: tehlink0 - C:\WINDOWS\SYSTEM32\tehlink0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tehlink0

O20 - Winlogon Notify: tomto - C:\WINDOWS\system32\tomto.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tomto

O20 - Winlogon Notify: upsctrl0 - C:\WINDOWS\SYSTEM32\upsctrl0.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\upsctrl0

O20 - Winlogon Notify: utsync - C:\WINDOWS\SYSTEM32\utsync.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\utsync

O20 - Winlogon Notify: vmbox2 - C:\WINDOWS\SYSTEM32\vmbox2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vmbox2

O20 - Winlogon Notify: vxtnav - C:\WINDOWS\SYSTEM32\vxtnav.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vxtnav

O20 - Winlogon Notify: wartamll - C:\WINDOWS\SYSTEM32\wartamll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wartamll

O20 - Winlogon Notify: waxw2k - C:\WINDOWS\SYSTEM32\waxw2k.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\waxw2k

O20 - Winlogon Notify: winprint - C:\WINDOWS\SYSTEM32\winprint.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winprint

O20 - Winlogon Notify: wndtx1 - C:\WINDOWS\SYSTEM32\wndtx1.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wndtx1

O20 - Winlogon Notify: wrapkm - C:\WINDOWS\system32\wrapkm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wrapkm

O20 - Winlogon Notify: wsmsge - C:\WINDOWS\SYSTEM32\wsmsge.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wsmsge

O20 - Winlogon Notify: xartcd5 - C:\WINDOWS\SYSTEM32\xartcd5.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xartcd5

O20 - Winlogon Notify: xatcore - C:\WINDOWS\SYSTEM32\xatcore.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xatcore

O20 - Winlogon Notify: xcdmfree - C:\WINDOWS\SYSTEM32\xcdmfree.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xcdmfree

O20 - Winlogon Notify: xkeyshll - C:\WINDOWS\SYSTEM32\xkeyshll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xkeyshll

O20 - Winlogon Notify: xliftm - C:\WINDOWS\system32\xliftm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xliftm

O20 - Winlogon Notify: xtav3des - C:\WINDOWS\SYSTEM32\xtav3des.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xtav3des

O20 - Winlogon Notify: zopenssl - C:\WINDOWS\SYSTEM32\zopenssl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zopenssl

Services:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\agpbrdg5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\alcom

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\alcop
alcop server: \??\C:\WINDOWS\System32\alcop.sys (system)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\armdvc
ARM TSL device: \??\C:\WINDOWS\System32\armdvc.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\armrfc
ARM FDCG850 device: \??\C:\WINDOWS\System32\armrfc.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\arprmdg5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asplg
DirectSound KDriver: \??\C:\WINDOWS\SYSTEM32\asplg.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asusrx25

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ati2ksag
Object memory mapping 8.0: \??\C:\WINDOWS\System32\ati2ksag.sys (system)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ati2kstg
Object memory mapping 8.0 : \??\C:\WINDOWS\System32\ati2kstg.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati2psag
Object memory mapping 8.0: \??\C:\WINDOWS\System32\ati2psag.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atiddbxx
ATI TnL Rendering: \??\C:\WINDOWS\System32\atiddbxx.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atietbxx

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atixdbxx
ATI Hardware TnL Rendering: \??\C:\WINDOWS\System32\atixdbxx.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\axdebugld
OPENSSL cryptoapi: \??\C:\WINDOWS\System32\axdebugld.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdscsix3r
CDRW overrun protection: \??\C:\WINDOWS\System32\cdscsix3r.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cpudev
CPU microcode correction: \??\C:\WINDOWS\System32\cpudev.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CsdDriver
CsdDriver \??\C:\WINDOWS\System32\CsdDriver.sys (manual start)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dbbin

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ddirectxt
INPUT/OUTPUT printing: \??\C:\WINDOWS\System32\ddirectxt.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\directprt
IO Direct printing service: \??\C:\WINDOWS\System32\directprt.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\directout

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\docentd

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dprot
DTM Protector: \??\C:\WINDOWS\System32\dprot.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvdkernl

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dwave

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dx9sr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eeekp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\emulx86

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eps32sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epsn2sys
EPS Printer driver: \??\C:\WINDOWS\System32\epsn2sys.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epsonsys
EPS Printer driver: \??\C:\WINDOWS\System32\epsonsys.sys (system)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\estsprt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fanxctrld

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\flashdrv3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\flashsmt
Rege memory mapper \??\C:\WINDOWS\System32\flashsmt.sys (system)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\fprot
FT StarForce Protector: \??\C:\WINDOWS\System32\fprot.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fpuext

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gdiw2k

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gdow2k

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzvba

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpprintdrv
HP32X Printer driver: \??\C:\WINDOWS\System32\hpprintdrv.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hooka

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idersrvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ies4service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iesservice4
LOGON support service: \??\C:\WINDOWS\System32\iesservice4.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iesprt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iokey

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipfwrd

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipudpb2
IP2 UDPB2: \??\C:\WINDOWS\System32\ipudpb2.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irptp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isodvstg
Object memory mapping 8.0: \??\C:\WINDOWS\System32\isodvstg.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\itcoe
itcoe adapter \??\C:\WINDOWS\System32\itcoe.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\java2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jscript

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\k53lock
VMemory protect: \??\C:\WINDOWS\System32\k53lock.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ke32psag

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ke7dnl
AVXSearch service: \??\C:\WINDOWS\System32\ke7dnl.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kryo2
CPU FUN Controller: \??\C:\WINDOWS\System32\kednld.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kednld
MCAfee update srvc: \??\C:\WINDOWS\System32\kryo2.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kteproc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kwave

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\linksrvd

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\m32lock

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcfdrv
MCFservice: \??\C:\WINDOWS\System32\mcfdrv.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mdhsh

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfstcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mi5035a5
ASUS PCI controller: \??\C:\WINDOWS\System32\mi5035a5.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mjva

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mm77lgn
mm77lgn control service: \??\C:\WINDOWS\System32\mm77lgn.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mmccrd
MMC card reader: \??\C:\WINDOWS\System32\mmccrd.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mmcta

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mmctl

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mmlogon

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msftcpip

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msrdr2
IP correction service: \??\C:\WINDOWS\System32\msrdr2.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msvtch
"ImagePath" = "system32\msvtch.sys"
"DisplayName" = "Kernel Mode SND msvtcher"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mswsaf
HDTV video output: \??\C:\WINDOWS\System32\mswsaf.sys (autostart)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nclaby
NOD AV service: \??\C:\WINDOWS\System32\nclaby.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\necsopp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\necsort
Kernel TCP Filtering protocol: \??\C:\WINDOWS\System32\necsort.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nkgfs
NK45 file system driver: \??\C:\WINDOWS\System32\nkcfg.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nkudpn1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nodantivir
NOD AV service: \??\C:\WINDOWS\System32\nodantivir.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntpdxt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nucdrv

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nuclab

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvmapi
NVidia TLayer gateway A2: \??\C:\WINDOWS\System32\nvmapi.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvnati
NVidia XTLayer gateway : \??\C:\WINDOWS\System32\nvnati.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvnatv
Nvdia Native Rendering : \??\C:\WINDOWS\System32\nvnatv.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvsystl3
PPA Virtial rendering: \??\C:\WINDOWS\System32\nvsystl3.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\obbf117
Kernel Objects Manager: \??\C:\WINDOWS\System32\obbf117.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\obbn13rt
Windows Objects manager: \??\C:\WINDOWS\System32\obbn13rt.sys (system)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\openglssd

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\openglwxd
OPENGL technology access: \??\C:\WINDOWS\System32\openglwxd.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p76xxsks
USB p76xxsks: \??\C:\WINDOWS\System32\p76xxsks.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p79bsksb
USB p79bsksb: \??\C:\WINDOWS\System32\p79bsksb.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p81eskse
FWSHIFT service \??\C:\WINDOWS\System32\p81eskse.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcixm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pptpr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\prt21sks

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\prt47sys
PRT4701 Printer driver \??\C:\WINDOWS\System32\prt47sys.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\prw76sks
USB prw76sks: \??\C:\WINDOWS\System32\prw76sks.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ramdma

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ramvxt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdsync

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\regepsrvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rkskt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rlx66dob

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rlx6dob6

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rotr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rotw

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\satad645

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\satau325
SATA bus driver: \??\C:\WINDOWS\System32\satau325.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbunit

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsipsrvc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdcardX2
KMX direct access: \??\C:\WINDOWS\System32\sdcardX2.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\se500mdmd
SE500 Generic: \??\C:\WINDOWS\System32\se500mdmd.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\se633mxxd
IRDa Modem device #12: \??\C:\WINDOWS\system32\se633mxxd.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sha1krnl
Kernel CryptoService: \??\C:\WINDOWS\System32\sha1krnl.sys (system)

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sks2drvr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sksdrvr2

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\socket573

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\socketx113

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sphub

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spndt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ssipod1
IPODT1000: \??\C:\WINDOWS\System32\ssipod1.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\surrd

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svitch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swapm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\syncm

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\syncmc

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tage32
"DisplayName" = "NGate service"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tehlink5
UPS COMcontrol: \??\C:\WINDOWS\system32\upsctrl3.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tomto

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upsctrl3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uvsync

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmbox2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vxdgfx

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vxvgfv
VXV CPU device: \??\C:\WINDOWS\System32\vxvgfv.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wartamd
SECURE SHELL access driver: \??\C:\WINDOWS\System32\wartamd.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wlite

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wnlogon
UDP packet correction: \??\C:\WINDOWS\System32\wnlogon.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wnlogow

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wrapk

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wrmdrv
WRM CPU driver: \??\C:\WINDOWS\System32\wrmdrv.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\x86emul
FPU emulation service: \??\C:\WINDOWS\system32\x86emul.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xartcd7
Kernel Objects Manager: \??\C:\WINDOWS\system32\xartcd7.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xcdkernl

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xdrve9d
IPv6 BT converter: \??\C:\WINDOWS\System32\xdrve9d.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xkeyshd
SECURE SHELL access driver: \??\C:\WINDOWS\System32\xkeyshd.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xlift

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xprot
XPROTECTOR Driver \??\C:\WINDOWS\System32\xprot.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zopenssld
OPENGL technology access: \??\C:\WINDOWS\System32\zopenssld.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zopenssld
OPENSSL cryptoapi: \??\C:\WINDOWS\System32\zopenssld.sys (system)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\core3.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dbbin.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eeekp.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\gzvba.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iokey.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ipfwrd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\java2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jscript.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kryo2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kteproc.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kwave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mdhsh.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mjva.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mmcta.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mmctl.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msvtch.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\netwp.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntpdxt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pptpr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ramdma.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rdsync.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rkskt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sbunit.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sphub.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\spndt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\surrd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\swapm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\syncm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\syncmc.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tomto.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uvsync.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmbox2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wlite.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wrapk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xlift.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\core3.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dbbin.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\eeekp.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\gzvba.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\iokey.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipfwrd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\java2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\jscript.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kryo2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kteproc.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kwave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mmcta.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mdhsh.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mjva.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mmctl.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msvtch.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netwp.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntpdxt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pptpr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ramdma.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsync.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rkskt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sbunit.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sphub.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\spndt.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\surrd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swapm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\syncm.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\syncmc.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tomto.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uvsync.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmbox2.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wlite.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wrapk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\xlift.sys

ShellServiceObjectDelayLoad:
O21 - SSODL: msindeo.dll - {7ACB5731-5839-13AB-EABC-124791194525} - C:\WINDOWS\system32\msindeo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msindeo.dll" = "{7ACB5731-5839-13AB-EABC-124791194525}"

O21 - SSODL: oledll - {12345B67-1234-1234-D123-7F84D123BC7D} - C:\WINDOWS\System32\wmldap.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"oledll" = "{12345B67-1234-1234-D123-7F84D123BC7D}"

These keys are hidden by the rootkit.
O21 - SSODL: MemMan - {523455E4-ABCD-ABCD-1114-D709ADD3DDAB} - C:\WINDOWS\System32\MemMan.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MemMan"="{523455E4-ABCD-ABCD-1114-D709ADD3DDAB}"

O21 - SSODL: UpperHost - {523455E4-ABCD-ABCD-1114-D709ADD3DDAB} - C:\WINDOWS\System32\UpperHost.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpperHost"="{523455E4-ABCD-ABCD-1114-D709ADD3DDAB}"

O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"="{66186F05-BBBB-4a39-864F-72D84615C679}"

O21 - SSODL: WebProxy - {A744F16C-B2D5-4138-81A2-085CDFCDE83A} - sxmg4.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"="{A744F16C-B2D5-4138-81A2-085CDFCDE83A}"

Protocols:
O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urikon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urikon.dll

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urinon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urinon.dll

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ursnon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\ursnon.dll

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll

O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urwnon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urwnon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]
"CLSID" = "{DC186800-657F-11D4-B0B5-0050BABFC904}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain]
"CLSID" = "{DC186800-657F-11D4-B0B5-0050BABFC904}"

Browser Helper Objects:
Haxfix removes the associated files for these browser helper objects:


Active Setup Installed Components:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5EB96953-7D02-4594-AC15-F55FC9AACFCB}]
"StubPath"="rundll32 msfacat32.dll,InitModule"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EA88F0F-B698-4ab1-8DBC-EBE2CD00927F}]
"StubPath"="rundll32 aj32.dll,InitO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6825FAC3-D7D2-4045-97A2-87DF42CB6728}]
"StubPath"="rundll32 kcms.dll,InitO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5EB96953-7D02-4594-AC15-F55FC9AACFCB}]
"StubPath"= "rundll32 mscont32.dll,InitModule"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
"StubPath"="rundll32 sxmg4.dll,InitModule"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66186F05-BBBB-4a39-864F-72D84615C679}]
"StubPath"="rundll32 sockins32.dll,InitModule"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01BE3276-1420-45b5-9762-172C5C184EB7}]
"StubPath"= "rundll32 svchstb.dll,InitO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67525E1B-5B8E-41d4-AFCC-03CC04F141FA}]
"StubPath"="rundll32 rbsgam.dll,InitO"

Patched iexplore.exe:
msdom32.dll
msvcrl.dll


Other signs of infection:

F2 - REG:system.ini: Shell=explorer.exe vmmdiag32.exe
O4 - HKCU\..\Run: [kernel%32.exe] C:\WINDOWS\kernel%32.exe
O4 - HKLM\..\Run: [C:\WINDOWS\kernel%32.exe] C:\WINDOWS\kernel%32.exe
O4 - HKCU\..\Run: [userinit.exe] C:\WINDOWS\userinit.exe
O4 - HKLM\..\Run: [C:\WINDOWS\userinit.exe] C:\WINDOWS\userinit.exe
O4 - HKLM\..\Run: [Microsoft Update] system.exe
O4 - HKLM\..\Run: [s32net] %System%\rs32net.exe
O4 - HKLM\..\Run: [advap32]=%Temp%\load2.exe /r


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvchost"
"winlogon"
"Windows Services"
"KIT3"
"WMedia16"
"solo"
"CIJBDYZA"
"Microsoft Update"
"rs32net"
"Microsoft Update Machine"

If scrcki32.dll or scrcwi32.dll is present in the system32 folder, the default value of this registry key will have been modified:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
HaxFix will restore the default value: %systemroot%\system32\shell32.dll

Files in the Windows folder:
kernel%32.exe
nvchost.exe
svchost32.exe
servicez.exe
userinit.exe
winlogon.exe
wiaserviv.log
wmedia16.exe


Files in the System32 folder:

Other files / folders:
%System%\spool\c.ini
%System%\spool\desktops.ini
%System%\spool\dr.ini
%System%\Spool\hpprintqueue.exe
%System%\drivers\mrxdavv.sys
