Help Help VIRUS VIRUS(I guess)


swatkat

Technomancer
Hi,
Rootkit Revealer log looks clean.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 8/22/2006 8:31 PM 0 bytes Access is denied.
The above entry is related to Daemon Tools software. Do you have it in your system?

By the way, download WinPFind.ZIP and completely extract it to a folder. Boot into Safe Mode and then run WinPFind.exe and click "Start Scan". When the scan completes, copy the results of WinPFind and save it in a text file.

Reboot the PC to Normal Mode, and post back the contents of that text file.
 
OP

ashu_dps

Hell Sucks!!!
Okay swatkat, I'm gonna do this now, but yesterday it all repeated again when I was using IE 7 with 8 or 9 tabs open. I had to first close the tab in which I was working when the problem occurred to recover, but it was just momentary, allowing just right click, and all the items from the right-click menu of programs except 'properties', and 'paste' vanished and 'cut' and 'copy' were disabled!
Also had only these items along with 'arrange icons' when I right-clicked on the desktop, but no 'properties' here. Finally had to close all the tabs and IE, after which everything became almost normal, except the Task Manager, which appeared with just borders and refused to go, though the normal Task Manager started working. Finally had to restart to remove it.
 
OP

ashu_dps

Hell Sucks!!!
Hi friends here's the WinPFind log

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/10/2006 10:19:35 PM
WinPFind v1.5.0 Folder = C:\Downloads\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5700.6)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 9/25/2006 9:15:08 PM 666240 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
UPX! 7/9/2004 2:17:04 PM 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax ()
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
PEC2 8/10/2004 3:30:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PTech 8/7/2006 9:50:22 AM 1484592 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
PECompact2 9/11/2006 11:07:22 PM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 9/11/2006 11:07:22 PM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/10/2004 3:30:00 PM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/10/2004 3:30:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/10/2004 3:30:00 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/10/2004 3:30:00 PM 657408 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 11/8/2003 4:04:00 PM 36864 C:\WINDOWS\SYSTEM32\RLMPCDec.ax (RadLight)
WSUD 5/9/2006 10:26:34 PM 7706112 C:\WINDOWS\SYSTEM32\SET8D.tmp (Microsoft Corporation)
winsync 8/10/2004 3:30:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
WSUD 5/9/2006 10:26:34 PM 9803264 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PEC2 2/28/2006 4:57:22 PM 84836 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys (IVT Corporation)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/10/2006 10:18:00 PM S 2048 C:\WINDOWS\bootstat.dat ()
10/10/2006 7:37:42 PM RH 424 C:\WINDOWS\ctfile.rfc ()
9/11/2006 7:45:36 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme ()
9/11/2006 7:45:36 PM RH 0 C:\WINDOWS\assembly\pubpol14.dat ()
8/26/2006 3:05:28 AM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat ()
10/10/2006 10:16:34 PM S 64 C:\WINDOWS\CSC\00000001 ()
9/22/2006 10:47:44 PM S 64 C:\WINDOWS\CSC\00000002 ()
9/19/2006 10:54:04 PM S 64 C:\WINDOWS\CSC\csc1.tmp ()
9/12/2006 9:49:40 PM H 10820 C:\WINDOWS\Help\nocontnt.GID ()
8/22/2006 6:24:38 PM H 0 C:\WINDOWS\inf\oem21.inf ()
8/27/2006 8:20:52 PM RHS 88 C:\WINDOWS\system32\95F07293F2.sys ()
8/27/2006 1:41:18 PM RHS 56 C:\WINDOWS\system32\F29372F095.sys ()
9/9/2006 11:34:02 PM HS 5904 C:\WINDOWS\system32\KGyGaAvL.sys ()
9/17/2006 11:05:10 PM H 4212 C:\WINDOWS\system32\zllictbl.dat ()
8/23/2006 12:31:52 AM S 42004 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat ()
8/21/2006 6:30:10 PM S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
10/10/2006 10:18:08 PM H 12288 C:\WINDOWS\system32\config\default.LOG ()
10/10/2006 10:18:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/10/2006 10:18:00 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
10/10/2006 10:18:48 PM H 221184 C:\WINDOWS\system32\config\software.LOG ()
10/10/2006 10:17:58 PM H 1470464 C:\WINDOWS\system32\config\system.LOG ()
10/5/2006 7:30:08 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
10/10/2006 7:23:52 PM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
8/23/2006 4:35:26 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini ()
8/23/2006 4:35:26 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini ()
8/23/2006 4:35:26 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini ()
8/23/2006 4:35:26 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ()
8/23/2006 4:35:26 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2LKJIPKV\desktop.ini ()
8/23/2006 4:35:26 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\457VZRMA\desktop.ini ()
8/23/2006 4:35:26 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PY7M57J5\desktop.ini ()
8/23/2006 4:35:26 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZZQR3XPB\desktop.ini ()
10/10/2006 10:16:44 PM HS 2589472 C:\WINDOWS\system32\drivers\fidbox.dat ()
10/10/2006 10:16:44 PM HS 40976 C:\WINDOWS\system32\drivers\fidbox.idx ()
10/10/2006 10:16:44 PM HS 31264 C:\WINDOWS\system32\drivers\fidbox2.dat ()
10/10/2006 10:16:44 PM HS 7112 C:\WINDOWS\system32\drivers\fidbox2.idx ()
8/22/2006 9:38:16 PM H 0 C:\WINDOWS\system32\drivers\umdf\MsftWdf_user_01_00_00.Wdf ()
8/24/2006 8:18:00 PM H 81 C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini ()
8/22/2006 7:54:58 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\237ce638-7f0b-436e-aa4b-fedfecf9427a ()
8/23/2006 4:35:26 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\32d837f5-4081-4f45-a2f5-aa17112eeb69 ()
8/23/2006 4:35:26 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\c2936e72-0e32-40b7-8a94-18a0ca903765 ()
8/22/2006 7:54:58 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
8/22/2006 8:12:56 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1301eb3b-ef4b-46b5-8854-146bb7aca9e1 ()
8/23/2006 4:35:26 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\56173ed6-d286-45de-bd07-7d8f0d688611 ()
8/23/2006 4:35:26 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\69749332-27bd-4f26-99f7-37c4000e45c8 ()
8/23/2006 4:35:26 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b2ce02c1-c4a6-4692-a251-d5bb0186cd6a ()
8/23/2006 4:35:26 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\fd544eda-6982-4d96-81cf-60681210f004 ()
8/22/2006 8:12:56 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
10/10/2006 10:21:26 PM H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job ()
10/10/2006 10:16:36 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/10/2004 3:30:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 654848 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
7/14/2005 3:25:56 AM 24576 C:\WINDOWS\SYSTEM32\BACSCPL.cpl ()
12/19/2005 6:38:32 PM 3096576 C:\WINDOWS\SYSTEM32\BCMWLCPL.CPL (Dell Inc.)
8/10/2004 3:30:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 470528 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/23/2006 12:18:08 AM 3194368 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 266240 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
6/10/2005 9:13:18 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/10/2004 3:30:00 PM 205312 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/20/2003 4:18:12 AM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems)
8/10/2004 3:30:00 PM 629248 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 902656 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 167936 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
4/7/2006 1:27:34 AM 172032 C:\WINDOWS\SYSTEM32\NicConfigSvc.cpl (Dell Inc.)
8/10/2004 3:30:00 PM 403968 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 380416 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
1/7/2004 2:32:36 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
11/17/2005 1:05:32 AM 7405568 C:\WINDOWS\SYSTEM32\stacgui.cpl (SigmaTel, Inc.)
8/10/2004 3:30:00 PM 471040 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 166400 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 230400 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/10/2004 3:30:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/23/2006 12:18:08 AM 3194368 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
8/4/2003 2:05:14 PM 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl (Socket Communications Inc.)

Checking for Downloaded Program Files...
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = *download.microsoft.com/download/b/e/5/be592e3e-4442-4588-b01e-8fe3a2e104ac/LegitCheckControl.cab
{215B8138-A3CF-44C5-803F-8226143CFC0A} - Trend Micro ActiveX Scan Agent 6.5 - CodeBase = *housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - - CodeBase = *download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
{4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - WebIQ Technology Client - CodeBase = *www.webiqonline.com/WebIQ/bin/WebIQ.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = *update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156251078197
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.4.2_03 - CodeBase = *java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = *java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/16/2005 3:13:08 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/16/2005 3:03:26 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
5/26/2006 11:20:22 PM H 4 C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare ()

Checking files in %USERPROFILE%\Startup folder...
8/16/2005 3:13:08 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
8/16/2005 3:03:26 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - *go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
\\Search Page - *go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL - *go.microsoft.com/fwlink/?LinkId=54729
\\Default_Search_URL - *go.microsoft.com/fwlink/?LinkId=54896
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - *www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
\\Search Bar - *www.google.com/hws/sb/dell-inc/en/side.html?channel=us
\\Search Page - *www.google.com/hws/sb/dell-inc/en/side.html?channel=us
\\Default_Page_URL - *www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - *ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - *www.google.com/ie


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{089FD14D-132B-48FC-8861-0048AE113215} - = C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc.)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
\{724d43a9-0d85-11d4-9908-00400523e39a} - = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)
\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - CBrowserHelperObject Object = c:\Program Files\BAE\BAE.dll (Dell Inc.)
\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - FDMIECookiesBHO Class = C:\Program Files\Free Download Manager\iefdmcks.dll ()
\{E5A1691B-D188-4419-AD02-90002030B8EE} - FlashFXP Helper for Internet Explorer = C:\PROGRA~1\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
\\{0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor = C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc.)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8195
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = ()
\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - ButtonText: Web Anti-Virus =
\{320AF880-6646-11D3-ABEE-C5DBF3571F46} - ButtonText: Fill Forms = file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
\{320AF880-6646-11D3-ABEE-C5DBF3571F49} - ButtonText: Save = file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
\{724d43aa-0d85-11d4-9908-00400523e39a} - ButtonText: RoboForm = file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
\{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - MenuText: = ()
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.)
\\{6DEA92E9-8682-4b6a-97DE-354772FE5727} - Autodesk DWF Preview = C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll (Autodesk)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
\\{7842554E-6BED-11D2-8CDB-B05550C10000} - Monitor = ()
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = ()
\\{ABC70703-32AF-11d4-90C4-D483A70F4825} - CMenuExtender = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll (Revenger inc.)
\\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - PhoneBrowser = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Nokia)
\\{85E0B171-04FA-11D1-B7DA-00A0C90348D6} - Web Anti-Virus = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll (Kaspersky Lab)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab)
\MagicISO - {DB85C504-C730-49DD-BEC1-7B39C6103B7A} = C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.)
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.)
\VIDEOTRANS - {548773BA-874E-4C02-9DC7-B7A096772C7D} = C:\Program Files\MP3 Player Utilities 3.57\AMVTools\SrcCount.dll ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\CMenuExtender - {ABC70703-32AF-11d4-90C4-D483A70F4825} = C:\WINDOWS\BricoPacks\Vista Inspirat\iColorFolder\CMExt.dll (Revenger inc.)
\MagicISO - {DB85C504-C730-49DD-BEC1-7B39C6103B7A} = C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.)
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = ()

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab)
\MagicISO - {DB85C504-C730-49DD-BEC1-7B39C6103B7A} = C:\Program Files\MagicISO\misosh.dll (MagicISO, Inc.)
\PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL (PowerISO Computing, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
WinPatrol - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Dell QuickSet - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
Comodo Firewall - C:\Program Files\Comodo\Firewall\CPF.exe (COMODO)
kav - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (Kaspersky Lab)
- Reg Data missing or invalid ()
DU Meter - C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ModemOnHold - C:\Program Files\NetWaiting\netWaiting.exe ()
SetDefaultMIDI - C:\WINDOWS\MIDIDef.exe (Creative Technology Ltd)
Creative Detector - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
Creative MediaSource Go - C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe (Creative Technology Ltd)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
DellSupport - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
NeroHomeFirstStart - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast!
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ashDisp
hkey HKLM
command C:\Program Files\Alwil Software\Avast4\ashDisp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BootSkin Startup Jobs
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BootSkin
hkey HKLM
command "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DU Meter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DUMeter
hkey HKLM
command C:\Program Files\DU Meter\DUMeter.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogonStudio
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item logonstudio
hkey HKLM
command "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryMechanic
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
interceptor.dll = ()
c:\progra~1\google\google~1\goec62~1.dll = ()

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WIFD1F~1\MpShHook.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{553858A7-4922-4e7e-B1C1-97140C1C16EF} - IE Component Categories cache daemon = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\klogon - C:\WINDOWS\system32\klogon.dll = (Kaspersky Lab)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{06C5A67A-D3B3-44BB-A720-250F0558BBBA} - ()
{1C175713-4BA4-41CD-8167-7429440AA674} - (Dell Wireless 1390 WLAN Mini-Card)
{22A44524-3ACE-4A87-9EC5-3ECC7A3EE289} - ()
{42AF37AC-168F-4B11-BDF7-B1802A08F2BE} - ()
{528DC9C9-97BF-4D71-8C20-8D06BA46E2D0} - ()
{5320E7A7-E5DE-408A-8338-3F23529D33F5} - ()
{58C71BF5-BED8-4169-AFFF-02204BF8B8A9} - ()
{738C671B-69B8-4B6D-BED9-8794A112D6A3} - ()
{80D4FE97-C5E0-4513-A7A1-6E4F50BCD4E9} - ()
{8DFCAAE6-DC73-4BE0-8DF0-F514FA4A928C} - (1394 Net Adapter)
{94F4D9C0-9E1C-476A-A3DD-4C86F054BABD} - ()
{AB491B64-1924-46D3-848D-E56323254D0C} - ()
{B0BBC400-63F0-43D6-9DA3-465846523D8F} - 172.16.1.1 (Broadcom 440x 10/100 Integrated Controller)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000004\\LibraryPath - %SystemRoot%\system32\wshbth.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000028\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000029\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000030\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000031\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000032\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000033\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000034\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000035\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000036\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000037\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000038\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000039\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000040\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
\siteadvisor - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll (McAfee, Inc.)

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
__________
No reply till now ??????????
 

JGuru

Wise Old Owl
@Ashu_dps, looks like the Virus or some malicious program is still there!!!
That's why you get all these problems like right-click disabled, etc.
It's better that you format your hard disk & reinstall Windows.
 
OP

ashu_dps

Hell Sucks!!!
That's quite an easy task for me on a DELL laptop, as I have an image on a separate partition, but it really hurts to go over the installation of all the different software again and lose all the updates!!!
Can't we trace it out and remove it?
 

swatkat

Technomancer
Hi,

Make Windows show all files:-
Go to Start > My Computer. Go to Tools menu, click Folder Options. Uncheck Hide protected operating system files. Then, click to select the option Show hidden files and folders. Click Apply and then click OK to exit.


Next, upload and scan these files at *scanner.virus.org/ :-
C:\WINDOWS\ctfile.rfc
C:\WINDOWS\assembly\PublisherPolicy.tme
C:\WINDOWS\assembly\pubpol14.dat
C:\WINDOWS\system32\95F07293F2.sys
C:\WINDOWS\system32\F29372F095.sys


Also, perform an online virus scan at Kaspersky Online Scanner (click the "Kaspersky Online Scanner" button). While scanning, choose "My Computer" as the scanning target. Save the log it gives after the scan and post it back, along with the scan results of the above-mentioned files.
 
OP

ashu_dps

Hell Sucks!!!
@swatkat: Hi swat, I couldn't find any file other than the first one mentioned, in either safe mode or normal mode, despite making all hidden files visible and even searching for them!!!!!
Now what?
 

swatkat

Technomancer
Hi,
Download GMER.zip and extract it to a folder. Run GMER.exe and click "Rootkit" tab. Here, in the right-side pane, make sure that these scan targets are selected:-
  • System
  • Devices
  • Processes
  • Libraries
  • Modules
  • Services
  • Registry
  • Files
and select ALL the hard disk drives shown by GMER.

Note: Do NOT select "Show All" option.

Finally, click "Scan". This scan takes a while. After the scan's complete, copy the log and post it back here.
 
OP

ashu_dps

Hell Sucks!!!
Here's the GMER log

GMER 1.0.11.11390 - *www.gmer.net
Rootkit 2006-10-15 02:55:16
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreatePort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86FD1708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86FD1708
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86C41EB0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86C41EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 86FD1EB0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 86FD1EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 86FD10E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86CD2AB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 86A36EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 86A36EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86CD2AB0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 86FD10E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86CD2AB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86CD2AB0
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 86FD10E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5320E7A7-E5DE-408A-8338-3F23529D33F5} IRP_MJ_CREATE 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{5320E7A7-E5DE-408A-8338-3F23529D33F5} IRP_MJ_CLOSE 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{5320E7A7-E5DE-408A-8338-3F23529D33F5} IRP_MJ_DEVICE_CONTROL 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{5320E7A7-E5DE-408A-8338-3F23529D33F5} IRP_MJ_INTERNAL_DEVICE_CONTROL 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{5320E7A7-E5DE-408A-8338-3F23529D33F5} IRP_MJ_CLEANUP 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{5320E7A7-E5DE-408A-8338-3F23529D33F5} IRP_MJ_PNP 86C35E20
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CREATE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_READ 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_WRITE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_CLEANUP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_POWER 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume5 IRP_MJ_PNP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_CREATE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_READ 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_WRITE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_FLUSH_BUFFERS 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_SHUTDOWN 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_CLEANUP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_POWER 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_SYSTEM_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume6 IRP_MJ_PNP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_CREATE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_READ 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_WRITE 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_FLUSH_BUFFERS 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_SHUTDOWN 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_CLEANUP 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_POWER 86FD10E8
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_SYSTEM_CONTROL 86FD10E8
 
OP

ashu_dps

Hell Sucks!!!
Device \Driver\Ftdisk \Device\HarddiskVolume7 IRP_MJ_PNP 86FD10E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86C35E20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86C35E20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86C35E20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86C35E20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86C35E20
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0BBC400-63F0-43D6-9DA3-465846523D8F} IRP_MJ_CREATE 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0BBC400-63F0-43D6-9DA3-465846523D8F} IRP_MJ_CLOSE 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0BBC400-63F0-43D6-9DA3-465846523D8F} IRP_MJ_DEVICE_CONTROL 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0BBC400-63F0-43D6-9DA3-465846523D8F} IRP_MJ_INTERNAL_DEVICE_CONTROL 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0BBC400-63F0-43D6-9DA3-465846523D8F} IRP_MJ_CLEANUP 86C35E20
Device \Driver\NetBT \Device\NetBT_Tcpip_{B0BBC400-63F0-43D6-9DA3-465846523D8F} IRP_MJ_PNP 86C35E20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86C35E20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86C35E20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86C35E20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86C35E20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86C35E20
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86C35E20
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 86FD19C0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 86FD19C0
Device \Driver\00000120 \Device\0000006b IRP_MJ_POWER [F7323F68] sptd.sys
Device \Driver\00000120 \Device\0000006b IRP_MJ_SYSTEM_CONTROL [F7338A70] sptd.sys
Device \Driver\00000120 \Device\0000006b IRP_MJ_PNP [F7331728] sptd.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86A324C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86A324C8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 86A4D798
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 86A4D798
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 86FD10E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 86FD10E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 86A280E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 86A280E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_CREATE 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_CLOSE 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_DEVICE_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_POWER 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_PNP 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 86B11EB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 86B11EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 86C41EB0
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 86C41EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [EB37F912] DLAIFS_M.SYS
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8694C868
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8694C868

---- Threads - GMER 1.0.11 ----

Thread 4:168 86D7E950
Thread 4:172 86D5EC60
Thread 4:176 86D5EC60
Thread 4:560 86D7E950
Thread 4:952 86D7E950
Thread 4:1096 86D7E950

---- Registry - GMER 1.0.11 ----

Reg \Registry\USER\S-1-5-21-1992511848-3998705894-1547661245-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76945258-12F3-0BA3-D431-F592A30CD47E}@iafcpgcabllcbdgple 0x6A 0x61 0x6B 0x62 ...
Reg \Registry\USER\S-1-5-21-1992511848-3998705894-1547661245-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76945258-12F3-0BA3-D431-F592A30CD47E}@hapcngkgbpihbcep 0x6A 0x61 0x6B 0x62 ...

---- Files - GMER 1.0.11 ----

ADS C:\Documents and Settings\All Users\Application Data\Symantec\hpc:468323563
ADS C:\Documents and Settings\Ashutosh Kumar\Desktop\Accesories:Roxio EMC Stream
ADS C:\Documents and Settings\Ashutosh Kumar\Desktop\Accesories\New Folder:Roxio EMC Stream
ADS C:\Documents and Settings\Ashutosh Kumar\Desktop\Accesories\New Folder\6.bmp:Roxio EMC Stream
ADS C:\Documents and Settings\Ashutosh Kumar\Desktop\Accesories\New Folder\6.jpg:Roxio EMC Stream
ADS ...
ADS D:\Ashutosh\Bethesda:Roxio EMC Stream
ADS D:\Ashutosh\Bethesda\Call of Cthulhu:Roxio EMC Stream
ADS D:\Ashutosh\Bethesda\Call of Cthulhu\A Visit to the Old Town 8-14-2006 4.37.58 PM:Roxio EMC Stream
ADS D:\Ashutosh\Bethesda\Call of Cthulhu\A Visit to the Old Town 8-14-2006 6.00.54 PM:Roxio EMC Stream
ADS D:\Ashutosh\Bethesda\Call of Cthulhu\A Visit to the Old Town 8-14-2006 6.09.43 PM:Roxio EMC Stream
ADS D:\Ashutosh\Bethesda\Call of Cthulhu\AutoSave:Roxio EMC Stream
ADS D:\Ashutosh\Bethesda\Call of Cthulhu\Options:Roxio EMC Stream
ADS ...
ADS ...
ADS F:\Backup\Setup Files\Games\games\MARIO\MARIO.EXE:SummaryInformation
ADS F:\Backup\Setup Files\Games\games\MARIO\MARIO.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS ...
ADS G:\Games\The Da Vinci Code\TheDaVinciCode.exe:{0251211D-3EA7-6FA8-5CC9-77969833C397}

---- EOF - GMER 1.0.11 ----
 
OP
A

ashu_dps

Hell Sucks!!!
NO REPLIES?????
Okay, anyway, the problem worsened, so I finally formatted the drive; had no option left and no help at hand.
Anyway, thanks to all those who responded.
 