GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-08-31 05:43:29 Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00FMA0 rev.13.03G13 0,00MB Running: yr931zdw.exe; Driver: C:\DOCUME~1\tenchika\USTAWI~1\Temp\pgldqpog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys ZwTerminateProcess [0xAE41D6B0] INT 0x62 ? 8A5ACCC8 INT 0x63 ? 8A456CC8 INT 0x73 ? 8A456CC8 INT 0x82 ? 8A5ACCC8 INT 0x83 ? 8A456CC8 INT 0x83 ? 8A456CC8 INT 0xB4 ? 8A456CC8 INT 0xB4 ? 8A456CC8 ---- Kernel code sections - GMER 2.1 ---- .sptd1 C:\WINNT\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF744C346] ---- User code sections - GMER 2.1 ---- .text C:\WINNT\system32\svchost.exe[212] USER32.dll!DialogBoxParamW 77D4737A 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll .text C:\WINNT\system32\svchost.exe[300] USER32.dll!DialogBoxParamW 77D4737A 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll .text C:\Documents and Settings\All Users\Dane aplikacji\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe[452] USER32.dll!DialogBoxParamW 77D4737A 5 Bytes JMP 10004760 C:\Documents and Settings\All Users\Dane aplikacji\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll .text C:\WINNT\System32\svchost.exe[464] USER32.dll!DialogBoxParamW 77D4737A 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll .text C:\WINNT\system32\svchost.exe[528] USER32.dll!DialogBoxParamW 77D4737A 5 Bytes JMP 10004760 c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll .text ... ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINNT\system32\svchost.exe[212] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[212] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[212] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[212] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[300] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[300] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[300] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[300] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\System32\svchost.exe[464] @ C:\WINNT\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\System32\svchost.exe[464] @ C:\WINNT\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\System32\svchost.exe[464] @ C:\WINNT\System32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\System32\svchost.exe[464] @ C:\WINNT\System32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[528] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[528] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[528] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[528] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\Explorer.EXE[1244] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000A130] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\Explorer.EXE[1244] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\Explorer.EXE[1244] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\Explorer.EXE[1244] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\Explorer.EXE[1244] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [1000A130] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [ntdll.dll!NtOpenFile] [1000A3B0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [ntdll.dll!NtQueryValueKey] [1000E080] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [ntdll.dll!NtSetValueKey] [1000E0F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\winlogon.exe[1888] @ C:\WINNT\system32\winlogon.exe [ntdll.dll!NtCreateKey] [1000E160] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [KERNEL32.dll!LoadLibraryW] [1000A240] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtCreateKey] [1000E160] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtQueryValueKey] [1000E080] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtSetValueKey] [1000E0F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtDeleteValueKey] [1000E360] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtEnumerateKey] [1000DFA0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtDeleteKey] [1000E310] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtSetInformationFile] [1000A560] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtQueryInformationFile] [10009AB0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtDeleteFile] [1000A510] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtOpenFile] [1000A3B0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtQueryKey] [10009A70] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\services.exe[1932] @ C:\WINNT\system32\services.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[2056] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[2056] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[2056] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[2056] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[2144] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000A190] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[2144] @ C:\WINNT\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000A1F0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[2144] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtOpenKey] [1000E1D0] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll IAT C:\WINNT\system32\svchost.exe[2144] @ C:\WINNT\system32\svchost.exe [ntdll.dll!NtClose] [1000E290] c:\docume~1\alluse~1\daneap~1\browse~1\261519~1.190\{c16c1~1\browse~1.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 8A5AB1F8 Device \FileSystem\Fastfat \FatCdrom 887AC430 Device \Driver\USBSTOR \Device\0000008e 89F6E1F8 Device \Driver\USBSTOR \Device\0000008f 89F6E1F8 Device \Driver\usbuhci \Device\USBPDO-0 8A37E1F8 Device \Driver\usbuhci \Device\USBPDO-1 8A37E1F8 Device \Driver\usbuhci \Device\USBPDO-2 8A37E1F8 Device \Driver\usbuhci \Device\USBPDO-3 8A37E1F8 Device \Driver\usbehci \Device\USBPDO-4 8A3651F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{87FB4999-CC3A-4802-BF84-C2FCAAD1449B} 8A0761F8 Device \Driver\Cdrom \Device\CdRom0 8A3E71F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A5AC1F8 Device \Driver\atapi \Device\Ide\IdePort0 8A5AC1F8 Device \Driver\atapi \Device\Ide\IdePort1 8A5AC1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A5AC1F8 Device \Driver\Cdrom \Device\CdRom1 8A3E71F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{D786ACFB-2A46-44B3-9D35-966E5035457E} 8A0761F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A0761F8 Device \Driver\NetBT \Device\NetbiosSmb 8A0761F8 Device \Driver\usbuhci \Device\USBFDO-0 8A37E1F8 Device \Driver\usbuhci \Device\USBFDO-1 8A37E1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 887D6430 Device \Driver\usbuhci \Device\USBFDO-2 8A37E1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 887D6430 Device \Driver\usbuhci \Device\USBFDO-3 8A37E1F8 Device \Driver\usbehci \Device\USBFDO-4 8A3651F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{759C64E5-0821-49B9-9805-7C12C33AEF4E} 8A0761F8 Device \Driver\USBSTOR \Device\0000008c 89F6E1F8 Device \Driver\USBSTOR \Device\0000008d 89F6E1F8 Device \FileSystem\Fastfat \Fat 887AC430 AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys Device \FileSystem\Cdfs \Cdfs 88868430 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a5ac1f8]<< 8a5ac1f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a56cab8] 8a56cab8 Trace 3 CLASSPNP.SYS[f74e805b] -> nt!IofCallDriver -> \Device\0000007d[0x8a55bf18] 8a55bf18 Trace 5 ACPI.sys[f7326620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a587940] 8a587940 Trace \Driver\atapi[0x8a56f448] -> IRP_MJ_CREATE -> 0x8a5ac1f8 8a5ac1f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x11 0xB9 0xAE 0xE6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xF6 0x68 0x74 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x11 0xB9 0xAE 0xE6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC4 0xF6 0x68 0x74 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x11 0xB9 0xAE 0xE6 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 1354931194 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30320061 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 1354931194 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30320061 ---- EOF - GMER 2.1 ----