Can not run explorer.exe

[Aaflac]

Please open Notepad
Copy/paste the following blue text to it:

ECHO OFF
If exist exp.txt Del exp.txt
Dir C:\Windows\Explorer.* /A >> exp.txt
Dir C:\Windows\System32\Explorer.* /A >> exp.txt
Start exp.txt

Save the file to the Desktop as exp.bat
Save as type: All files
Close out of Notepad

Double-click on exp.bat and provide its contents in your reply.



Again, open Notepad
Copy/paste the following blue text to it:

regedit /e c:\rkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsft\Windows NT\CurrentVersion\Image File Execution Options"

Save the file to the Desktop as rkey.bat
Choose to Save as type: All files
Close out of Notepad

Double-click on rkey.bat and also provide its contents in your reply.

[sohil]

Hi Aaflac,

Here is contens of exp.txt
Volume in drive C has no label.
Volume Serial Number is 0444-E03B

Directory of C:\Windows

27/07/2007 05:26 1,032,192 explorer.exe
13/06/2007 10:23 1,033,216 explorer.exe.tmp
27/07/2007 05:26 80 explorer.scf
3 File(s) 2,065,488 bytes
0 Dir(s) 6,795,030,528 bytes free
Volume in drive C has no label.
Volume Serial Number is 0444-E03B

Directory of C:\Windows\System32


But rkey.bat doesnt show any contents, it just open a dos command screen for 1-2 seconds and then nothig....

Regards
Sohil

[Aaflac]

Please run Notepad again and paste the following text in it:

attrib -r -h -s C:\WINDOWS\explorer.exe.tmp
del C:\WINDOWS\explorer.exe.tmp

Save the file to the Desktop as remove.bat
Make sure the Save as Type field says: "All Files"

Then go to the Desktop and double-click on remove.bat

Restart the computer.

If no luck, the file needed to open the User Accounts applet is nusrmgr.cpl
Can you run nusrmgr.cpl as a new task?

Then, create a new account with Administrative Rights.

Once done, attempt to log on throughout that account.
Does Explorer run?


Also, you were using HijackThis version 2.0.2, and now you are using version 1.99.1

Please remove version 1.99.1 it is out dated. Use version 2.0.2 every time you post a new log.

[sohil]

Hi Aaflac,

I have tried both option but still no luck. Still explorer is not runnig.

Is there any other option rather tehn formatting???

Regards
Sohil

[Aaflac]

Let's try the following:

Please go to the following website: Kellys Korner

First, read the download instructions at the top, and then download and run the following:

1. Restore Taskbar and Start Menu, item #117
2. Restore Desktop Icons and Taskbar, on the right side of item #195

See if that works.

[sohil]

Hi Aaflac,

I have tried both option but no luck yet.

Regards
Sohil

[Aaflac]

We can take a shot at troubleshooting the issue through what is called a 'Clean Boot'. It is the process of disabling and removing some programs and drivers from the Windows startup process. The goal is to turn off the service or program that is causing the problem.

Note that following these steps may result in the temporary loss of some functionality, and restoring the settings may return the original problem.

To perform this, your user account must have Administrator privilege.

Then, follow these steps:

• Click Start > Run, and in the Open area type: msconfig
• Click: OK
• Select the General tab and click: Selective Startup
• Uncheck the boxes except: Use Original Boot.ini
• Click: OK
• Restart the computer.

When it restarts, a dialogue box warning about running in selective startup appears. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK".

When you restart the system see if the explorer.exe problem is gone.

Hopefully, when you restart, Explorer.exe may be working. If not, there must be something wrong with the Windows Installation, and, as mentioned before, you may need to reinstall or repair Windows XP.

If the issue does not occur in Selective Startup, do the following:

• Go to Start > Run, and once again type: msconfig
• On the General tab, select/check: Process SYSTEM.INI File
• Click OK
• Restart the computer.

If the problem reappears, then the issue may be with an entry in the System.ini file.

If the problem does not reoccur, run msconfig again and select: Process WIN.INI file.

Continue with this process until the issue reappears, selecting one of each item such as the Load Startup Items, and, Load System Services checkboxes.
If the issue reappears for any of the selected entries, you will need to edit that particular item.

For example, if the problem reappears after selecting the Win.ini file, you need to click the Win.ini tab in System Configuration Utility to edit that configuration file.

Continue this process and see if you can locate what is causing the problem.

Post back the results.

~~~~
If no progress, please download to the Desktop: GMER
Right click the zipped file and select: Extract all
Follow the Extraction Wizard prompts

Start the program by double clicking: GMER.exe
If a security warning appears, allow the program to run
If GMER detects rootkit activity, you are prompted to scan immediately
Click Yes to begin the scan

If you are not prompted to Scan:
Click the Rootkit tab
Make sure all the boxes on the right of the screen are checked, except for "Show All"
Click the Scan button.

Once the scan is done, click: Copy

Please provide the GMER results in your reply.

[sohil]

Hi Aaflac,

msconfig step didnt work. Following is result of GMER

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-08 0533
Windows 5.1.2600 Service Pack 2


---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceA] [6F8A063A] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE F26A9C8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE F26A67C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ F26A260A
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE F26A2AED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION F26AD958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION F26B0821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA F26B938A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA F26B8D49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS F26B2BBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION F26B3331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION F26C14F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL F26A9B37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL F26A5948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL F26AF46B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN F26C079D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL F26BFC4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP F26A62FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP F26C01DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible F26BB1F9

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F29F47E0] naiavf5x.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [F35FD89D] tfsnifs.sys

---- EOF - GMER 1.0.13 ----

Waiting for your next set of instruction

Regards
Sohil

[sohil]

Hi Aaflac,

msconfig option didnt work.

Following is result for GMER.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-08 0533
Windows 5.1.2600 Service Pack 2


---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceA] [6F8A063A] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE F26A9C8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE F26A67C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ F26A260A
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE F26A2AED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION F26AD958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION F26B0821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA F26B938A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA F26B8D49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS F26B2BBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION F26B3331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION F26C14F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL F26A9B37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL F26A5948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL F26AF46B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN F26C079D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL F26BFC4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP F26A62FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP F26C01DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible F26BB1F9

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F29F47E0] naiavf5x.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [F35FD89D] tfsnifs.sys

---- EOF - GMER 1.0.13 ----

Waiting for your next set of instruction.

Regards
Sohil

[sohil]

Hi Aaflac,

msconfig option didnt work.

Following is result for GMER.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-08 0533
Windows 5.1.2600 Service Pack 2


---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceA] [6F8A063A] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!ControlService] [6F8A0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [ADVAPI32.dll!OpenServiceW] [6F8A065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[784] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS\system32\ShimEng.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F86D9980] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F86D99A0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F86D9A00] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86D99E0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F86D99C0] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F86D9400] mvstdi5x.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F86D9400] mvstdi5x.sys

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE F26A9C8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE F26A67C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ F26A260A
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE F26A2AED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION F26AD958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION F26B0821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA F26B938A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA F26B8D49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS F26B2BBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION F26B3331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION F26C14F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL F26A9B37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL F26A5948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL F26AF46B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN F26C079D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL F26BFC4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP F26A62FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP F26C01DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible F26BB1F9

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F29F47E0] naiavf5x.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F29F47E0] naiavf5x.sys

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [F35FD701] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [F35FD89D] tfsnifs.sys

---- EOF - GMER 1.0.13 ----

Waiting for your next set of instruction.

Regards
Sohil

[Ried]

Hello again, sohil.

I'd like to thank Aaflac for taking the time to continue with me while I was away. It is greatly appreciated.

Download StartupList and extract the contents.

Run StartupList.exe, this may take a few minutes. When it's ready, go to File>Save as, and save the report to a location you can find. Post the results here.

-----------------------------------------------------------------

I'd also like to see the entire report that was produced by DrWeb--the details of all this:

Quote:

Dr. Web results

Scanned files:- 313948
Infected:- 1192
Modifications:- 1
Suspicious:- 5
Adware:- 34
Dialers:- 0
Jokes:- 0
Riskware:- 1
Hacktools:-0
Cured:- 0
Deleted:- 836
Renamed:- 0
Moved:- 358
Ignored:- 0

If the report is too large to post, zip it up and attach it. To do this, right click the DrWeb Report and select Send To>Compressed (zipped) folder. then attach that zipped folder in your next reply via the Manage Attachments button you'll see if you scroll down a bit when your reply box is opened.

[sohil]

Hi Reid,

I have attached startup.txt. For Dr.web curetit report, I can not locate report. So plz guide me how to save repot. I will scan system again and will attach report.

Regards
Sohil

[Ried]

You don't still have the DrWeb Report on your desktop? The report would be called DrWeb.csv

[sohil]

Hi Ried,

I have curit.exe on desktop but there os no file like DrWeeb.csv

Regards
Sohil

[Ried]

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix). Do not run it yet.

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:

File::
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\WINDOWS\system32\servet.exe
C:\WINDOWS\system32\4.exe
C:\WINDOWS\system32\5.exe

Driver::
ip6fw.sys
Applic ato
avrthy
zxcgjmkxvb

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------------

After ComboFix has completed....

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt I'll need that in your next reply.

--------------------------------------------------------------------

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Please return with the following:

C:\ComboFix.txt
C:\SDFix\Report.txt
Kaspersky results
Update on system behavior

[sohil]

Hi Ried,

Unfortunatlly SDFix is not able ot get back desktop icon. When it finished, taskbar just flasged for a second and disappear agia. I also can not able to run IE, so not able to scan system through Kaspersky. I have tried to run explorer.exe form task manager but still its not working. Just flash taskbar for a second. Also not able to run IE from taskbar.


combofix.txt

ComboFix 07-11-04.1 - Sohil Patel 2007-11-10 3:48:52.11 - NTFSx86
Running from: C:\Documents and Settings\Sohil Patel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sohil Patel\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\WINDOWS\system32\4.exe
C:\WINDOWS\system32\5.exe
C:\WINDOWS\system32\servet.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.

2007-11-08 02:40 <DIR> d-------- C:\picture
2007-11-08 02:15 <DIR> d-------- C:\Program Files\Bonjour
2007-11-08 02:14 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2007-11-08 02:14 307,200 --a------ C:\WINDOWS\system32\KPDPM.dll
2007-11-08 02:14 229,376 --a------ C:\WINDOWS\system32\KPDPMUI.dll
2007-11-08 02:14 64,512 --a------ C:\WINDOWS\system32\PTPITCP.dll
2007-11-08 02:13 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-11-08 02:12 <DIR> d-------- C:\WINDOWS\system32\color
2007-11-08 02:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-11-08 02:05 <DIR> d-------- C:\Program Files\Kodak
2007-11-07 02:37 <DIR> d-------- C:\Documents and Settings\try\Application Data\You've Got Pictures Screensaver
2007-11-07 02:37 <DIR> d-------- C:\Documents and Settings\try\Application Data\Symantec
2007-11-07 02:37 <DIR> d-------- C:\Documents and Settings\try\Application Data\Jasc Software Inc
2007-11-07 02:37 <DIR> d-------- C:\Documents and Settings\try\Application Data\Intel
2007-11-07 02:37 <DIR> d-------- C:\Documents and Settings\try\Application Data\AOL
2007-11-05 04:41 126,976 --a------ C:\zip.exe
2007-11-01 08:55 <DIR> d-------- C:\Deckard
2007-11-01 04:11 <DIR> d-------- C:\Documents and Settings\Sohil Patel\DoctorWeb
2007-10-31 02:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-30 04:14 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-10-17 11:59 <DIR> d-------- C:\New Folder
2007-10-15 14:16 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-10-15 14:16 12,028,032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-10-15 14:16 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2007-10-15 14:16 349,472 --a------ C:\WINDOWS\WindowsXP-KB822603-x86.exe
2007-10-15 14:16 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2007-10-15 14:16 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-10-15 14:16 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-10-15 14:16 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-10-15 14:16 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-10-15 14:16 20,480 --a------ C:\WINDOWS\FixCamera.exe
2007-10-15 14:15 <DIR> d-------- C:\Documents and Settings\Sohil Patel\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 02:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-01 08:55 --------- d-----w C:\Program Files\DellSupport
2007-10-31 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-31 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-30 05:52 --------- d-----w C:\Program Files\Opera
2007-10-01 05:18 --------- d-----w C:\Program Files\SopCast
2007-10-01 05:18 --------- d-----w C:\Documents and Settings\Sohil Patel\Application Data\SopCast
2007-09-24 13:22 45,056 ----a-w C:\WINDOWS\system32\lqpnq35gri.exe
2007-09-15 12:15 --------- d-----w C:\Program Files\Vimicro
2007-09-11 02:09 --------- d-----w C:\Program Files\Multiicon
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-04_22.41.47.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-08 04:39:13 585,791 ----a-w C:\WINDOWS\gmer.dll
+ 2007-06-29 09:38:18 581,632 ----a-w C:\WINDOWS\gmer.exe
+ 2007-11-08 02:11:13 65,536 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\EasyShareDesktopShortcut.exe
+ 2007-11-08 02:11:13 180,224 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\EasyShareStartMenu.exe
+ 2007-11-08 02:11:13 180,224 ----a-r C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\EasyShareStartupShortcut.exe
+ 2007-11-08 02:14:35 25,214 ----a-r C:\WINDOWS\Installer\{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}\Endissrv.exe
+ 2007-11-08 02:15:53 10,342 ----a-r C:\WINDOWS\Installer\{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}\ARPPRODUCTICON.exe
+ 2007-11-08 02:14:44 45,056 ----a-r C:\WINDOWS\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut4.exe
+ 2007-11-08 02:14:43 135,168 ----a-r C:\WINDOWS\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut5.exe
+ 2006-03-29 15:54:06 688,920 ----a-w C:\WINDOWS\system32\color\Pcdoidx.dat
+ 2004-08-03 22:58:46 15,104 -c--a-w C:\WINDOWS\system32\dllcache\usbscan.sys
+ 2005-11-28 12:10:30 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2005-11-28 12:10:18 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2007-11-08 04:39:13 70,001 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
- 2005-01-26 02:03:00 20,576 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2005-11-03 03:00:00 46,080 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
+ 2005-11-28 12:10:28 53,248 ----a-w C:\WINDOWS\system32\jdns_sd.dll
+ 2000-04-14 14:23:52 19,456 ----a-w C:\WINDOWS\system32\kcm2sp.dll
+ 2000-09-08 17:53:50 73,839 ----a-w C:\WINDOWS\system32\KodakOneTouch.dll
+ 2000-04-14 14:23:56 197,632 ----a-w C:\WINDOWS\system32\kpcp32.dll
+ 2000-04-14 14:23:56 37,376 ----a-w C:\WINDOWS\system32\kpsys32.dll
+ 2001-07-18 16:25:46 86,016 ----a-w C:\WINDOWS\system32\PrintAPI.dll
- 2005-01-26 14:36:00 339,968 ----a-w C:\WINDOWS\system32\Px.dll
+ 2006-02-06 10:37:22 430,080 ----a-w C:\WINDOWS\system32\Px.dll
- 2005-02-21 01:01:00 405,504 ----a-w C:\WINDOWS\system32\pxdrv.dll
+ 2006-01-26 01:01:00 450,560 ----a-w C:\WINDOWS\system32\pxdrv.dll
- 2005-01-26 14:35:08 172,032 ----a-w C:\WINDOWS\system32\PxMas.dll
+ 2006-02-06 10:36:18 176,128 ----a-w C:\WINDOWS\system32\PxMas.dll
- 2005-01-26 14:39:04 1,077,248 ----a-w C:\WINDOWS\system32\PxSFS.DLL
+ 2006-02-06 10:40:44 1,257,472 ----a-w C:\WINDOWS\system32\PxSFS.DLL
- 2005-01-26 14:34:40 339,968 ----a-w C:\WINDOWS\system32\PxWave.dll
+ 2006-02-06 10:35:46 339,968 ----a-w C:\WINDOWS\system32\PxWave.dll
- 2005-01-26 14:36:48 151,552 ----a-w C:\WINDOWS\system32\pxwma.dll
+ 2006-02-06 10:38:22 151,552 ----a-w C:\WINDOWS\system32\pxwma.dll
+ 2000-04-14 14:24:56 133,120 ----a-w C:\WINDOWS\system32\sprof32.dll
- 2005-01-12 01:00:00 28,672 ----a-w C:\WINDOWS\system32\VXBLOCK.dll
+ 2005-12-22 01:00:00 28,672 ----a-w C:\WINDOWS\system32\VXBLOCK.dll
+ 2007-11-08 02:10:55 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-29 10:41]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 07:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-25 01:59]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 09:00]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 05:25 C:\WINDOWS\system32\bthprops.cpl]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 14:15]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 15:13]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 05:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 04:29:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-12-06 23:33:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarsOnTaskbar"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 03:53:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-10 3:54:27
C:\ComboFix-quarantined-files.txt ... 2007-10-31 03:48
.
--- E O F ---



SDFix report


SDFix: Version 1.114

Run by Sohil Patel on 10/11/2007 at 04:00

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 04:07:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b00026]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"NextDetectionTime"="2007-08-23 17:47:35"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Il\16\x178\x20ac{\xd1\x17e\xd8S ?(?T?r?u?e?T?y?p?e?)?"="HDZB_35.TTF"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 4 Aug 2004 561,179 A..H. --- "C:\i386\dao360.dll"
Wed 4 Aug 2004 81,408 A..H. --- "C:\i386\directdb.dll"
Mon 24 Mar 2003 618,605 A..H. --- "C:\i386\fp4autl.dll"
Sun 19 Nov 2000 450,669 A..H. --- "C:\i386\FP4AWEC.DLL"
Wed 4 Aug 2004 518 A..H. --- "C:\i386\handler.reg"
Wed 4 Aug 2004 588 A..H. --- "C:\i386\handsafe.reg"
Wed 4 Aug 2004 331,776 A..H. --- "C:\i386\msadce.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\i386\msadcer.dll"
Wed 4 Aug 2004 61,440 A..H. --- "C:\i386\msadcf.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\i386\msadcfr.dll"
Wed 4 Aug 2004 143,360 A..H. --- "C:\i386\msadco.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\i386\msadcor.dll"
Wed 4 Aug 2004 53,248 A..H. --- "C:\i386\msadcs.dll"
Wed 4 Aug 2004 155,648 A..H. --- "C:\i386\msadds.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\i386\msaddsr.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\i386\msader15.dll"
Wed 4 Aug 2004 536,576 A..H. --- "C:\i386\msado15.dll"
Wed 4 Aug 2004 180,224 A..H. --- "C:\i386\msadomd.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\i386\msador15.dll"
Wed 4 Aug 2004 200,704 A..H. --- "C:\i386\msadox.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\i386\msadrh15.dll"
Wed 4 Aug 2004 116,288 A..H. --- "C:\i386\msconv97.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\i386\msdadc.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\i386\msdaenum.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\i386\msdaer.dll"
Fri 24 May 2002 532,480 A..H. --- "C:\i386\MSDAIPP.DLL"
Wed 4 Aug 2004 233,472 A..H. --- "C:\i386\msdaora.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\i386\msdaorar.dll"
Wed 4 Aug 2004 77,824 A..H. --- "C:\i386\msdaosp.dll"
Fri 6 Apr 2001 155,648 A..H. --- "C:\i386\MSDAPML.DLL"
Wed 4 Aug 2004 16,384 A..H. --- "C:\i386\msdaprsr.dll"
Wed 4 Aug 2004 200,704 A..H. --- "C:\i386\msdaprst.dll"
Wed 4 Aug 2004 204,800 A..H. --- "C:\i386\msdaps.dll"
Wed 4 Aug 2004 118,784 A..H. --- "C:\i386\msdarem.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\i386\msdaremr.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\i386\msdasc.dll"
Wed 4 Aug 2004 315,392 A..H. --- "C:\i386\msdasql.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\i386\msdasqlr.dll"
Wed 4 Aug 2004 94,208 A..H. --- "C:\i386\msdatl3.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\i386\msdatt.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\i386\msdaurl.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\i386\msdfmap.dll"
Wed 4 Aug 2004 39,936 A..H. --- "C:\i386\msinfo32.exe"
Wed 4 Aug 2004 102,400 A..H. --- "C:\i386\msjro.dll"
Sat 19 May 2001 561,209 A..H. --- "C:\i386\MSONSEXT.DLL"
Sun 6 Jun 1999 122,937 A..H. --- "C:\i386\MSOWS409.DLL"
Wed 4 Aug 2004 24,576 A..H. --- "C:\i386\msxactps.dll"
Wed 4 Aug 2004 487,424 A..H. --- "C:\i386\oledb32.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\i386\oledb32r.dll"
Wed 4 Aug 2004 741,376 A..H. --- "C:\i386\sapi.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\i386\sapisvr.exe"
Wed 4 Aug 2004 61,440 A..H. --- "C:\i386\spcplui.dll"
Wed 4 Aug 2004 528,384 A..H. --- "C:\i386\sqloledb.dll"
Wed 4 Aug 2004 217,088 A..H. --- "C:\i386\sqlxmlx.dll"
Wed 4 Aug 2004 153,088 A..H. --- "C:\i386\TRIEDIT.DLL"
Wed 4 Aug 2004 848,384 A..H. --- "C:\i386\vgx.dll"
Wed 4 Aug 2004 504,832 A..H. --- "C:\i386\wab32.dll"
Wed 4 Aug 2004 249,856 A..H. --- "C:\i386\wab32res.dll"
Tue 24 Aug 2004 774,202 A..HR --- "C:\i386\wkcvqd.dll"
Tue 24 Aug 2004 868,425 A..H. --- "C:\i386\wkcvqd01.dll"
Tue 24 Aug 2004 118,860 A..H. --- "C:\i386\wkcvqr01.dll"
Tue 24 Aug 2004 118,845 A..HR --- "C:\i386\wkcvqrtf.dll"
Tue 24 Aug 2004 108,544 A..HR --- "C:\i386\WPEQU532.DLL"
Thu 4 Jan 2007 407,040 ...H. --- "C:\gps_project\report\~WRL3260.tmp"
Fri 11 Jun 2004 49,152 A..H. --- "C:\Program Files\Apoint\ApInst.dll"
Thu 19 Aug 2004 45,056 A..H. --- "C:\Program Files\Apoint\ApntEx.exe"
Thu 14 Oct 2004 1,122,304 A..H. --- "C:\Program Files\Apoint\Apoint.dll"
Mon 13 Sep 2004 155,648 A..H. --- "C:\Program Files\Apoint\Apoint.exe"
Tue 3 Jun 2003 102,400 A..H. --- "C:\Program Files\Apoint\Elprop.dll"
Wed 2 Jun 2004 49,152 A..H. --- "C:\Program Files\Apoint\EzAuto.dll"
Thu 17 Jun 2004 159,744 A..H. --- "C:\Program Files\Apoint\Ezcapt.exe"
Tue 15 Jun 2004 204,800 A..H. --- "C:\Program Files\Apoint\EzLaunch.dll"
Thu 19 Aug 2004 196,608 A..H. --- "C:\Program Files\Apoint\Uninstap.exe"
Tue 5 Dec 2006 72,704 A.SHR --- "C:\Program Files\Salaat Time\Setup.exe"
Thu 12 Oct 2006 94,208 A.SH. --- "C:\WINDOWS\system32\SalaatTime.dll"
Fri 8 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 5 Aug 2005 1,830,912 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atiadaxx.exe"
Fri 5 Aug 2005 368,640 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\aticds10.dll"
Fri 5 Aug 2005 380,928 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.dll"
Fri 5 Aug 2005 6,144 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atiicdxx.sys"
Fri 5 Aug 2005 36,864 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atiiprxx.exe"
Fri 5 Aug 2005 262,144 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll"
Fri 5 Aug 2005 73,728 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll"
Fri 5 Aug 2005 61,440 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atiphexx.exe"
Fri 5 Aug 2005 94,208 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atippaxx.dll"
Fri 5 Aug 2005 118,784 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe"
Fri 5 Aug 2005 344,064 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
Fri 5 Aug 2005 2,035,712 A..H. --- "C:\Program Files\ATI Technologies\ATI Control Panel\atipuixx.dll"
Wed 18 Aug 2004 1,490,944 A..H. --- "C:\Program Files\Broadcom\BACS\BACS.exe"
Wed 18 Aug 2004 118,784 A..H. --- "C:\Program Files\Broadcom\BACS\BacsTray.exe"
Thu 24 Apr 2003 6,025 A..H. --- "C:\Program Files\Broadcom\BACS\BASFND.sys"
Mon 2 Aug 2004 229,376 A..H. --- "C:\Program Files\Broadcom\BACS\BMAPI.dll"
Thu 19 Feb 2004 106,496 A..H. --- "C:\Program Files\Broadcom\BACS\cabw32.dll"
Thu 30 Jan 2003 12,073 A..H. --- "C:\Program Files\Broadcom\BACS\FAD.sys"
Thu 30 Jan 2003 11,904 A..H. --- "C:\Program Files\Broadcom\BACS\FADXP32.sys"
Mon 8 Nov 2004 229,376 A..H. --- "C:\Program Files\Common Files\Sonic Shared\AudioPlayer.dll"
Thu 2 Sep 2004 106,496 A..H. --- "C:\Program Files\Common Files\Sonic Shared\CinemasterVCDNav.dll"
Wed 4 Aug 2004 249,856 A..H. --- "C:\Program Files\Common Files\System\wab32res.dll"
Fri 12 Mar 2004 536,576 A..H. --- "C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSetup.exe"
Wed 23 Feb 2005 409,600 A..H. --- "C:\Program Files\CyberLink\PowerDVD\CLAlbumArt.dll"
Fri 29 Oct 2004 606,208 A..H. --- "C:\Program Files\CyberLink\PowerDVD\claudrc.dll"
Wed 23 Feb 2005 86,016 A..H. --- "C:\Program Files\CyberLink\PowerDVD\CLDeviceDetector.dll"
Wed 23 Feb 2005 36,864 A..H. --- "C:\Program Files\CyberLink\PowerDVD\CLMixerWrapper.dll"
Wed 23 Feb 2005 45,056 A..H. --- "C:\Program Files\CyberLink\PowerDVD\CLRCEngine.dll"
Wed 23 Feb 2005 28,672 A..H. --- "C:\Program Files\CyberLink\PowerDVD\ControlLED.dll"
Wed 23 Feb 2005 53,248 A..H. --- "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Wed 23 Feb 2005 1,712,128 A..H. --- "C:\Program Files\CyberLink\PowerDVD\gdiplus.dll"
Wed 23 Feb 2005 401,462 A..H. --- "C:\Program Files\CyberLink\PowerDVD\msvcp60.dll"
Wed 23 Feb 2005 10,879 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Ntaccess.sys"
Wed 23 Feb 2005 327,680 A..H. --- "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"
Wed 23 Feb 2005 86,016 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Rpc2.dll"
Wed 23 Feb 2005 28,672 A..H. --- "C:\Program Files\CyberLink\PowerDVD\SysKernel.dll"
Wed 23 Feb 2005 180,224 A..H. --- "C:\Program Files\CyberLink\PowerDVD\SysUI.dll"
Wed 23 Feb 2005 299,008 A..H. --- "C:\Program Files\CyberLink\Shared Files\PdcMPG2V.dll"
Wed 15 Sep 2004 229,376 A..H. --- "C:\Program Files\Dell\Media Experience\AudioPlayer.dll"
Wed 15 Sep 2004 65,536 A..H. --- "C:\Program Files\Dell\Media Experience\AudioPlayerLib.dll"
Wed 15 Sep 2004 8,638,464 A..H. --- "C:\Program Files\Dell\Media Experience\AuthorScript.dll"
Wed 15 Sep 2004 49,152 A..H. --- "C:\Program Files\Dell\Media Experience\AxAudioPlayerLib.dll"
Wed 15 Sep 2004 45,056 A..H. --- "C:\Program Files\Dell\Media Experience\AxInterop.SHDocVw.dll"
Wed 15 Sep 2004 49,152 A..H. --- "C:\Program Files\Dell\Media Experience\AxInterop.WMPLib.dll"
Wed 29 Sep 2004 442,368 A..H. --- "C:\Program Files\Dell\Media Experience\CommonUIManaged.dll"
Wed 29 Sep 2004 81,920 A..H. --- "C:\Program Files\Dell\Media Experience\DMX.exe"
Wed 29 Sep 2004 122,880 A..H. --- "C:\Program Files\Dell\Media Experience\DMXCommonUI.dll"
Wed 15 Sep 2004 86,016 A..H. --- "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
Wed 5 Sep 2001 1,700,352 A..H. --- "C:\Program Files\Dell\Media Experience\gdiplus.dll"
Wed 15 Sep 2004 86,016 A..H. --- "C:\Program Files\Dell\Media Experience\Interop.MediaPlayer.dll"
Wed 15 Sep 2004 126,976 A..H. --- "C:\Program Files\Dell\Media Experience\Interop.SHDocVw.dll"
Wed 15 Sep 2004 270,336 A..H. --- "C:\Program Files\Dell\Media Experience\Interop.WMPLib.dll"
Wed 15 Sep 2004 8,007,680 A..H. --- "C:\Program Files\Dell\Media Experience\microsoft.mshtml.dll"
Wed 15 Sep 2004 131,072 A..H. --- "C:\Program Files\Dell\Media Experience\Microsoft.DirectX.DirectSound.dll"
Wed 15 Sep 2004 281,600 A..H. --- "C:\Program Files\Dell\Media Experience\Microsoft.DirectX.Direct3D.dll"
Wed 15 Sep 2004 1,911,296 A..H. --- "C:\Program Files\Dell\Media Experience\Microsoft.DirectX.Direct3DX.dll"
Wed 15 Sep 2004 123,904 A..H. --- "C:\Program Files\Dell\Media Experience\Microsoft.DirectX.DirectDraw.dll"
Wed 15 Sep 2004 136,192 A..H. --- "C:\Program Files\Dell\Media Experience\Microsoft.DirectX.DirectInput.dll"
Wed 15 Sep 2004 196,608 A..H. --- "C:\Program Files\Dell\Media Experience\Microsoft.DirectX.dll"
Wed 15 Sep 2004 221,696 A..H. --- "C:\Program Files\Dell\Media Experience\Microsoft.DirectX.DirectPlay.dll"
Wed 15 Sep 2004 28,672 A..H. --- "C:\Program Files\Dell\Media Experience\MsHtmHstInterop.dll"
Wed 15 Sep 2004 114,688 A..H. --- "C:\Program Files\Dell\Media Experience\PrimoSDK.dll"
Wed 15 Sep 2004 237,568 A..H. --- "C:\Program Files\Dell\Media Experience\RemoteCtrl.dll"
Wed 15 Sep 2004 114,688 A..H. --- "C:\Program Files\Dell\Media Experience\SharpZipLib.dll"
Wed 29 Sep 2004 897,024 A..H. --- "C:\Program Files\Dell\Media Experience\SimpleBurnEngineManaged.dll"
Wed 15 Sep 2004 332,800 A..H. --- "C:\Program Files\Dell\Media Experience\SonicMCDVD_32.dll"
Wed 15 Sep 2004 57,344 A..H. --- "C:\Program Files\Dell\Media Experience\SonicMediaPlayerLib.dll"
Wed 15 Sep 2004 14,848 A..H. --- "C:\Program Files\Dell\Media Experience\SonicMPGvout.dll"
Wed 15 Sep 2004 278,528 A..H. --- "C:\Program Files\Dell\Media Experience\SonicMPGaout.dll"
Wed 15 Sep 2004 102,400 A..H. --- "C:\Program Files\Dell\Media Experience\SonicMPGmux.dll"
Wed 15 Sep 2004 13,312 A..H. --- "C:\Program Files\Dell\Media Experience\SonicDVD.dll"
Wed 15 Sep 2004 122,880 A..H. --- "C:\Program Files\Dell\Media Experience\SonicHTTPClient.dll"
Wed 15 Sep 2004 7,680 A..H. --- "C:\Program Files\Dell\Media Experience\SonicHTTPClientlib.dll"
Wed 15 Sep 2004 225,280 A..H. --- "C:\Program Files\Dell\Media Experience\sonicmpg_dlg.dll"
Wed 15 Sep 2004 98,304 A..H. --- "C:\Program Files\Dell\Media Experience\sonicmpgcap32.dll"
Wed 15 Sep 2004 24,576 A..H. --- "C:\Program Files\Dell\Media Experience\sonicmpgcheck.dll"
Wed 15 Sep 2004 2,076,672 A..H. --- "C:\Program Files\Dell\Media Experience\SonicMediaPlayer.dll"
Wed 15 Sep 2004 24,576 A..H. --- "C:\Program Files\Dell\Media Experience\sonicpcmaout.dll"
Wed 30 Jun 2004 16,128 A..H. --- "C:\Program Files\Dell\NicConfigSvc\Appdrv.sys"
Thu 3 Mar 2005 356,352 A..H. --- "C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe"
Wed 10 Nov 2004 225,280 A..H. --- "C:\Program Files\Dell\NicConfigSvc\SVCLauncher.exe"
Wed 10 Nov 2004 327,680 A..H. --- "C:\Program Files\Dell\QuickSet\battery.exe"
Thu 23 Dec 2004 69,632 A..H. --- "C:\Program Files\Dell\QuickSet\dadkeyb.dll"
Fri 4 Mar 2005 774,144 A..H. --- "C:\Program Files\Dell\QuickSet\powerset.exe"
Fri 4 Mar 2005 606,208 A..H. --- "C:\Program Files\Dell\QuickSet\quickset.exe"
Fri 14 Jan 2005 45,056 A..H. --- "C:\Program Files\Dell Inc\Dell Picture Studio v3.0\DellSTFetch.dll"
Fri 14 Jan 2005 86,016 A..H. --- "C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe"
Fri 14 Jan 2005 57,344 A..H. --- "C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launchrc.dll"
Mon 29 Dec 2003 1,060,864 A..H. --- "C:\Program Files\Dell Inc\Dell Picture Studio v3.0\mfc71.dll"
Mon 29 Dec 2003 499,712 A..H. --- "C:\Program Files\Dell Inc\Dell Picture Studio v3.0\msvcp71.dll"
Mon 29 Dec 2003 348,160 A..H. --- "C:\Program Files\Dell Inc\Dell Picture Studio v3.0\msvcr71.dll"
Mon 23 Feb 2004 45,056 A..H. --- "C:\Program Files\Common Files\AOL\ACS\acssetup.exe"
Thu 18 Mar 2004 162,214 A..H. --- "C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.EXE"
Wed 5 Sep 2001 225,280 A..H. --- "C:\Program Files\Common Files\InstallShield\IScript\iscript.dll"
Tue 27 Jul 2004 503,808 A..H. --- "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe"
Tue 27 Jul 2004 217,088 A..H. --- "C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe"
Tue 27 Jul 2004 81,920 A..H. --- "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
Tue 27 Jul 2004 221,184 A..H. --- "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
Tue 27 Jul 2004 385,024 A..H. --- "C:\Program Files\Common Files\InstallShield\UpdateService\_ispmres.dll"
Tue 27 Jul 2004 368,640 A..H. --- "C:\Program Files\Common Files\InstallShield\UpdateService\_isusres.dll"
Wed 4 Aug 2004 561,179 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll"
Wed 4 Aug 2004 39,936 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"
Tue 24 Aug 2004 65,593 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\Proof\csapi3t1.dll"
Tue 24 Aug 2004 45,121 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\Proof\ctapi3t2.dll"
Wed 4 Aug 2004 741,376 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe"
Tue 24 Aug 2004 108,544 A..HR --- "C:\Program Files\Common Files\Microsoft Shared\TextConv\WPEQU532.DLL"
Wed 4 Aug 2004 153,088 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\Triedit\TRIEDIT.DLL"
Sun 6 Jun 1999 122,937 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOWS409.DLL"
Tue 24 Aug 2004 143,410 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\Works Shared\aw.dll"
Wed 4 Aug 2004 235,520 A..H. --- "C:\Program Files\Common Files\MSSoap\Binaries\mssoap1.dll"
Wed 4 Aug 2004 25,088 A..H. --- "C:\Program Files\Common Files\MSSoap\Binaries\wisc10.dll"
Thu 18 Mar 2004 126,977 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\AmpX.dll"
Thu 18 Mar 2004 136,304 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\AOLMediaPlaybackControl.exe"
Wed 16 Nov 2005 84,992 A..H. --- "C:\Program Files\Common Files\Real\Codecs\14_43260.dll"
Wed 16 Nov 2005 44,032 A..H. --- "C:\Program Files\Common Files\Real\Codecs\28_83260.dll"
Wed 4 Aug 2004 77,824 A..H. --- "C:\Program Files\Common Files\SpeechEngines\Microsoft\spcommon.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\Program Files\Common Files\System\ado\msader15.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\Program Files\Common Files\System\ado\msador15.dll"
Wed 4 Aug 2004 57,344 A..H. --- "C:\Program Files\Common Files\System\ado\msadrh15.dll"
Wed 4 Aug 2004 518 A..H. --- "C:\Program Files\Common Files\System\msadc\handler.reg"
Wed 4 Aug 2004 588 A..H. --- "C:\Program Files\Common Files\System\msadc\handsafe.reg"
Wed 4 Aug 2004 331,776 A..H. --- "C:\Program Files\Common Files\System\msadc\msadce.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\Program Files\Common Files\System\msadc\msadcer.dll"
Wed 4 Aug 2004 61,440 A..H. --- "C:\Program Files\Common Files\System\msadc\msadcf.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\Program Files\Common Files\System\msadc\msadcfr.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\Program Files\Common Files\System\msadc\msadcor.dll"
Wed 4 Aug 2004 53,248 A..H. --- "C:\Program Files\Common Files\System\msadc\msadcs.dll"
Wed 4 Aug 2004 155,648 A..H. --- "C:\Program Files\Common Files\System\msadc\msadds.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\Program Files\Common Files\System\msadc\msaddsr.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\Program Files\Common Files\System\msadc\msdaprsr.dll"
Wed 4 Aug 2004 200,704 A..H. --- "C:\Program Files\Common Files\System\msadc\msdaprst.dll"
Wed 4 Aug 2004 118,784 A..H. --- "C:\Program Files\Common Files\System\msadc\msdarem.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\Program Files\Common Files\System\msadc\msdaremr.dll"
Wed 4 Aug 2004 36,864 A..H. --- "C:\Program Files\Common Files\System\msadc\msdfmap.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdadc.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdaenum.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdaer.dll"
Wed 4 Aug 2004 233,472 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdaora.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdaorar.dll"
Wed 4 Aug 2004 77,824 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdaosp.dll"
Wed 4 Aug 2004 204,800 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdaps.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdasc.dll"
Wed 4 Aug 2004 315,392 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"
Wed 4 Aug 2004 16,384 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll"
Wed 4 Aug 2004 94,208 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdatl3.dll"
Wed 4 Aug 2004 20,480 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdatt.dll"
Wed 4 Aug 2004 4,096 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msdaurl.dll"
Wed 4 Aug 2004 24,576 A..H. --- "C:\Program Files\Common Files\System\Ole DB\msxactps.dll"
Wed 4 Aug 2004 487,424 A..H. --- "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"
Wed 4 Aug 2004 65,536 A..H. --- "C:\Program Files\Common Files\System\Ole DB\oledb32r.dll"
Wed 4 Aug 2004 528,384 A..H. --- "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"
Wed 4 Aug 2004 217,088 A..H. --- "C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll"
Wed 12 Jan 2005 355,840 A..H. --- "C:\Program Files\Common Files\TiVo Shared\DirectShow\TiVoDirectShowFilter.dll"
Fri 29 Oct 2004 606,208 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Movie\CLAudRC.dll"
Wed 23 Feb 2005 36,864 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Movie\clds.dll"
Wed 23 Feb 2005 299,008 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Movie\CLDShowX.dll"
Wed 23 Feb 2005 45,056 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Movie\CLDVDEngine.dll"
Wed 23 Feb 2005 45,056 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Movie\clwo.dll"
Wed 19 Jan 2005 671,744 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Movie\DolbyHph.dll"
Wed 19 Jan 2005 110,592 A..H. --- "C:\Program Files\CyberLink\PowerDVD\Movie\LakeControl.dll"
Wed 15 Sep 2004 106,496 A..H. --- "C:\Program Files\Dell\Media Experience\Filters\SonicMPEGSplitter.dll"
Wed 15 Sep 2004 262,144 A..H. --- "C:\Program Files\Dell\Media Experience\Filters\SonicMPEGAudio.dll"
Wed 15 Sep 2004 450,560 A..H. --- "C:\Program Files\Dell\Media Experience\Filters\SonicMPEGVideo.dll"
Wed 15 Sep 2004 332,800 A..H. --- "C:\Program Files\Dell\Media Experience\Filters\SonicMCDVD_32.DLL"
Wed 15 Sep 2004 278,528 A..H. --- "C:\Program Files\Dell\Media Experience\Filters\sonicmpgaout.dll"
Wed 15 Sep 2004 102,400 A..H. --- "C:\Program Files\Dell\Media Experience\Filters\sonicmpgmux.dll"
Wed 15 Sep 2004 14,848 A..H. --- "C:\Program Files\Dell\Media Experience\Filters\sonicmpgvout.dll"
Wed 15 Sep 2004 180,224 A..H. --- "C:\Program Files\Dell\Media Experience\SFXPlugins\StandardFX_Plugin.dll"
Wed 15 Sep 2004 110,592 A..H. --- "C:\Program Files\Dell\Media Experience\TranscoderPlugins\DDConsumerTranscoder.dll"
Wed 15 Sep 2004 61,440 A..H. --- "C:\Program Files\Dell\Media Experience\TranscoderPlugins\MCTranscoderPlugin.dll"
Wed 15 Sep 2004 147,456 A..H. --- "C:\Program Files\Dell\Media Experience\TranscoderPlugins\SonicTranscoderPlugin.dll"
Thu 31 Aug 2006 739,840 A..H. --- "C:\Rosemead\backup\pc_1\??\~WRL2399.tmp"
Thu 31 Aug 2006 754,688 A..H. --- "C:\Rosemead\backup\pc_1\??\~WRL2828.tmp"
Wed 8 Feb 2006 613,376 A..H. --- "C:\Rosemead\backup\pc_1\??\~WRL3906.tmp"
Tue 22 Aug 2006 21,504 A..H. --- "C:\Documents and Settings\Sohil Patel\Application Data\Microsoft\Emulator for Windows CE\VPCKeyboard.dll"
Sun 18 Apr 2004 32,768 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll"
Wed 4 Aug 2004 61,440 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\Speech\1033\spcplui.dll"
Thu 18 Mar 2004 204,800 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\enc_aac.dll"
Thu 18 Mar 2004 58,368 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_cdda.dll"
Thu 18 Mar 2004 51,200 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_dshow.dll"
Thu 18 Mar 2004 28,672 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_midi.dll"
Thu 18 Mar 2004 204,800 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_mp3.dll"
Thu 18 Mar 2004 64,000 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_nsv.dll"
Thu 18 Mar 2004 16,384 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_qt.dll"
Thu 18 Mar 2004 274,432 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_vlb.dll"
Thu 18 Mar 2004 32,768 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_wave.dll"
Thu 18 Mar 2004 106,496 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\in_wm.dll"
Thu 18 Mar 2004 389,120 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\nsvdec_vp5.dll"
Thu 18 Mar 2004 139,264 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\nsvdec_aac.dll"
Thu 18 Mar 2004 65,536 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\nsvdec_mp3.dll"
Thu 18 Mar 2004 139,264 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\nsvdec_vlb.dll"
Thu 18 Mar 2004 110,592 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\nsvdec_vp3.dll"
Thu 18 Mar 2004 41,472 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\out_ds.dll"
Thu 18 Mar 2004 24,576 A..H. --- "C:\Program Files\Common Files\Nullsoft\ActiveX\plugins\out_mm2.dll"
Mon 31 Jan 2005 176,128 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Audio\AP_WMADRM.dll"
Mon 31 Jan 2005 356,352 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Audio\AudioPlugin.dll"
Mon 31 Jan 2005 44,544 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Audio\Launch.exe"
Mon 31 Jan 2005 155,648 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Audio\MainrENU.dll"
Mon 31 Jan 2005 274,432 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Copy\CopyNow.dll"
Mon 31 Jan 2005 159,744 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Copy\MainrENU.dll"
Fri 4 Feb 2005 442,368 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Data\DataPlugin.dll"
Fri 4 Feb 2005 151,552 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Data\Launch.exe"
Fri 4 Feb 2005 147,456 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Data\MainrENU.dll"
Fri 18 Feb 2005 499,712 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Engine\msvcp71.DLL"
Fri 18 Feb 2005 348,160 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Engine\msvcr71.DLL"
Fri 18 Feb 2005 565,248 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Engine\PxWrap.dll"
Fri 28 Jan 2005 200,704 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Home\HomePlugin.dll"
Fri 28 Jan 2005 45,056 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Home\MainrENU.dll"
Mon 31 Jan 2005 131,072 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\LaunchMyDVD\LaunchMyDVD.dll"
Fri 4 Feb 2005 94,208 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\LaunchBackup\LaunchBackup.dll"
Thu 26 Feb 2004 1,638,400 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\gdiplus.dll"
Wed 22 Dec 2004 12,345,344 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\LeaderReg.exe"
Tue 22 Feb 2005 253,952 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\MainrENU.dll"
Tue 22 Feb 2005 2,293,760 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe"
Sat 5 Jan 2002 487,424 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\msvcp70.dll"
Tue 18 Mar 2003 499,712 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\msvcp71.dll"
Sat 5 Jan 2002 344,064 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\msvcr70.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\msvcr71.dll"
Wed 22 Dec 2004 245,408 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\UNICOWS.DLL"
Wed 29 Sep 2004 73,728 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\BurnWizard\BurnWizard.dll"
Wed 29 Sep 2004 32,768 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\CDRip\CDRip.dll"
Wed 15 Sep 2004 20,480 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\DVDPlayer\DVDPlayer.dll"
Wed 15 Sep 2004 28,672 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\FileImport\FileImport.dll"
Wed 29 Sep 2004 81,920 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\MyMusic\MyMusic.dll"
Wed 29 Sep 2004 61,440 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\MyPictures\MyPictures.dll"
Wed 29 Sep 2004 45,056 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\MyVideos\MyVideos.dll"
Wed 29 Sep 2004 45,056 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\PrintWizard\PrintWizard.dll"
Wed 29 Sep 2004 28,672 A..H. --- "C:\Program Files\Dell\Media Experience\Plugins\UploadDellDJ\UploadDellDJ.dll"
Thu 28 Sep 2006 54,520 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp"
Thu 4 Dec 2003 40,960 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Latif's stuff\~WRL3576.tmp"
Wed 25 Feb 2004 6,656 A..H. --- "C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\AcsRollbackRes.dll"
Mon 23 Feb 2004 77,824 A..H. --- "C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\AcsRollback.exe"
Tue 11 Jun 2002 618,496 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe"
Tue 11 Jun 2002 233,472 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll"
Tue 11 Jun 2002 335,872 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll"
Tue 11 Jun 2002 188,416 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll"
Tue 11 Jun 2002 32,768 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll"
Mon 10 Jun 2002 290,816 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll"
Tue 3 Aug 2004 647,168 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe"
Tue 3 Aug 2004 647,168 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver2.exe"
Tue 1 Apr 2003 237,568 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IScript8.dll"
Tue 1 Apr 2003 327,680 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\ISRT.dll"
Tue 1 Apr 2003 188,416 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IUser8.dll"
Tue 1 Apr 2003 32,768 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\objps8.dll"
Wed 5 Mar 2003 290,816 A..H. --- "C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\_ISRES1033.dll"
Wed 5 Sep 2001 77,824 A..H. --- "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ctor.dll"
Thu 25 Jul 2002 614,532 A..H. --- "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe"
Fri 5 Aug 2005 212,992 A..H. --- "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll"
Wed 5 Sep 2001 176,128 A..H. --- "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\iuser.dll"
Wed 5 Sep 2001 32,768 A..H. --- "C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\objectps.dll"
Wed 19 Nov 2003 5,635,975 A..H. --- "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core1.zip"
Wed 19 Nov 2003 6,341,351 A..H. --- "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core2.zip"
Wed 19 Nov 2003 4,648,893 A..H. --- "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\core3.zip"
Wed 19 Nov 2003 2,141,903 A..H. --- "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\extra.zip"
Wed 19 Nov 2003 3,642,111 A..H. --- "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\other.zip"
Mon 24 Mar 2003 618,605 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\fp4autl.dll"
Sun 19 Nov 2000 450,669 A..H. --- "C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\FP4AWEC.DLL"
Wed 4 Aug 2004 23,552 A..H. --- "C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033\mssoapr.dll"
Thu 18 Mar 2004 177,152 A..H. --- "C:\Program Files\Common Files\Nullsoft\Video\ActiveX\plugins\nsvplayx_vp5_mp3.dll"
Mon 17 Jan 2005 192,512 A..H. --- "C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\RDC\mainrENU.dll"
Wed 4 Aug 2004 774,144 A..H. --- "C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\spttseng.dll"
Mon 15 Aug 2005 18,944 A..H. --- "C:\Rosemead\backup\pc_1\IMP\????\????\~WRD0004.tmp"
Tue 24 Jun 2003 20,480 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\SUNNYSTAR\Invoices\~WRL0003.tmp"
Tue 24 Jun 2003 20,480 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\SUNNYSTAR\Invoices\~WRL0005.tmp"
Thu 22 Apr 2004 3,938,482 A..H. --- "C:\Program Files\Common Files\AOL\Backup\ACS\Current\UK\acssetup.exe"
Wed 19 Nov 2003 1,949,696 A..H. --- "C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28\patch-j2re1.4.2_03-b02\patchjre.exe"
Wed 26 Oct 2005 1,095,680 A..H. --- "C:\Rosemead\backup\pc_1\IMP\????\????\10?????\~WRL2107.tmp"
Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sohil Patel\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sohil Patel\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sohil Patel\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 16 Apr 2007 8 A..H. --- "C:\Documents and Settings\Sohil Patel\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Mon 30 Jul 2007 8 A..H. --- "C:\Documents and Settings\Sohil Patel\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
Wed 30 Jul 2003 203,264 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\~WRL0498.tmp"
Mon 10 Nov 2003 69,715 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll"
Mon 10 Nov 2003 5,632 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe"
Wed 16 Nov 2005 188,548 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll"
Mon 10 Nov 2003 729,088 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll"
Mon 10 Nov 2003 266,240 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll"
Mon 10 Nov 2003 192,512 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll"
Wed 16 Nov 2005 311,428 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll"
Sun 18 Apr 2004 69,715 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll"
Sun 18 Apr 2004 5,632 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe"
Wed 16 Nov 2005 180,356 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll"
Sun 18 Apr 2004 733,184 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll"
Sun 18 Apr 2004 266,240 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll"
Sun 18 Apr 2004 172,032 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll"
Wed 16 Nov 2005 303,236 A..H. --- "C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll"
Sun 5 Feb 2006 547,840 A..H. --- "C:\Rosemead\backup\pc_1\IMP\????\????\??\??????\~WRL0853.tmp"
Sun 5 Feb 2006 389,632 A..H. --- "C:\Rosemead\backup\pc_1\IMP\????\????\??\??????\~WRL1910.tmp"
Sun 5 Feb 2006 565,248 A..H. --- "C:\Rosemead\backup\pc_1\IMP\????\????\??\??????\~WRL3388.tmp"
Thu 31 Aug 2006 739,840 A..H. --- "C:\Rosemead\backup\pc_1\IMP\????\?????\???????????\??\~WRL2399.tmp"
Thu 31 Aug 2006 754,688 A..H. --- "C:\Rosemead\backup\pc_1\IMP\????\?????\???????????\??\~WRL2828.tmp"
Wed 8 Feb 2006 613,376 A..H. --- "C:\Rosemead\backup\pc_1\IMP\????\?????\???????????\??\~WRL3906.tmp"
Tue 2 Mar 2004 503,296 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 2\Enhancements\~WRL0830.tmp"
Sat 13 Sep 2003 821,760 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\~WRL0176.tmp"
Sat 14 Jun 2003 87,040 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Testing\Inbound Test Cases\~WRL0617.tmp"
Sat 14 Jun 2003 89,600 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Testing\Inbound Test Cases\~WRL1232.tmp"
Sat 14 Jun 2003 90,112 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Testing\Inbound Test Cases\~WRL1245.tmp"
Wed 30 Jul 2003 203,264 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\~WRL0498.tmp"
Wed 17 Mar 2004 489,472 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 2\Enhancements\Kerridge\~WRL2738.tmp"
Thu 9 Oct 2003 45,568 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 2\Testing\Aftersales no-show tests\~WRL1291.tmp"
Thu 18 Sep 2003 41,984 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0003.tmp"
Thu 18 Sep 2003 39,936 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0005.tmp"
Thu 18 Sep 2003 61,952 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0120.tmp"
Thu 18 Sep 2003 39,936 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0300.tmp"
Thu 18 Sep 2003 54,784 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0366.tmp"
Thu 18 Sep 2003 48,128 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0455.tmp"
Thu 18 Sep 2003 51,200 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0476.tmp"
Thu 18 Sep 2003 49,152 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0754.tmp"
Thu 18 Sep 2003 46,080 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0804.tmp"
Thu 18 Sep 2003 48,128 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0813.tmp"
Thu 18 Sep 2003 56,832 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0831.tmp"
Thu 18 Sep 2003 45,056 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0847.tmp"
Thu 18 Sep 2003 63,488 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0941.tmp"
Thu 18 Sep 2003 45,568 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1094.tmp"
Thu 18 Sep 2003 58,880 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1125.tmp"
Thu 18 Sep 2003 61,440 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1128.tmp"
Thu 18 Sep 2003 58,880 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1136.tmp"
Thu 18 Sep 2003 54,784 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1177.tmp"
Thu 18 Sep 2003 67,072 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1236.tmp"
Thu 18 Sep 2003 45,568 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1310.tmp"
Thu 18 Sep 2003 48,128 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1318.tmp"
Thu 18 Sep 2003 62,976 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2002.tmp"
Tue 7 Oct 2003 84,480 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2093.tmp"
Thu 18 Sep 2003 47,616 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2262.tmp"
Thu 9 Oct 2003 94,720 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2343.tmp"
Thu 18 Sep 2003 58,880 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2390.tmp"
Thu 18 Sep 2003 45,056 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2398.tmp"
Thu 18 Sep 2003 62,976 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2438.tmp"
Thu 18 Sep 2003 46,080 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3568.tmp"
Thu 18 Sep 2003 61,440 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3651.tmp"
Thu 18 Sep 2003 42,496 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3672.tmp"
Thu 18 Sep 2003 55,296 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3776.tmp"
Thu 18 Sep 2003 47,616 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3834.tmp"
Thu 18 Sep 2003 59,904 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3856.tmp"
Thu 18 Sep 2003 58,368 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL4005.tmp"
Thu 18 Sep 2003 59,392 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\DCUK Work Folder\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL4022.tmp"
Sat 13 Sep 2003 821,760 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\~WRL0176.tmp"
Sat 14 Jun 2003 87,040 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Testing\Inbound Test Cases\~WRL0617.tmp"
Sat 14 Jun 2003 89,600 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Testing\Inbound Test Cases\~WRL1232.tmp"
Sat 14 Jun 2003 90,112 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Testing\Inbound Test Cases\~WRL1245.tmp"
Thu 18 Sep 2003 41,984 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0003.tmp"
Thu 18 Sep 2003 39,936 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0005.tmp"
Thu 18 Sep 2003 61,952 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0120.tmp"
Thu 18 Sep 2003 39,936 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0300.tmp"
Thu 18 Sep 2003 54,784 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0366.tmp"
Thu 18 Sep 2003 48,128 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0455.tmp"
Thu 18 Sep 2003 51,200 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0476.tmp"
Thu 18 Sep 2003 49,152 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0754.tmp"
Thu 18 Sep 2003 46,080 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0804.tmp"
Thu 18 Sep 2003 48,128 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0813.tmp"
Thu 18 Sep 2003 56,832 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0831.tmp"
Thu 18 Sep 2003 45,056 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0847.tmp"
Thu 18 Sep 2003 63,488 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL0941.tmp"
Thu 18 Sep 2003 45,568 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1094.tmp"
Thu 18 Sep 2003 58,880 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1125.tmp"
Thu 18 Sep 2003 61,440 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1128.tmp"
Thu 18 Sep 2003 58,880 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1136.tmp"
Thu 18 Sep 2003 54,784 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1177.tmp"
Thu 18 Sep 2003 67,072 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1236.tmp"
Thu 18 Sep 2003 45,568 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1310.tmp"
Thu 18 Sep 2003 48,128 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL1318.tmp"
Thu 18 Sep 2003 62,976 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2002.tmp"
Tue 7 Oct 2003 84,480 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2093.tmp"
Thu 18 Sep 2003 47,616 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2262.tmp"
Thu 9 Oct 2003 94,720 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2343.tmp"
Thu 18 Sep 2003 58,880 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2390.tmp"
Thu 18 Sep 2003 45,056 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2398.tmp"
Thu 18 Sep 2003 62,976 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL2438.tmp"
Thu 18 Sep 2003 46,080 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3568.tmp"
Thu 18 Sep 2003 61,440 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3651.tmp"
Thu 18 Sep 2003 42,496 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3672.tmp"
Thu 18 Sep 2003 55,296 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3776.tmp"
Thu 18 Sep 2003 47,616 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3834.tmp"
Thu 18 Sep 2003 59,904 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL3856.tmp"
Thu 18 Sep 2003 58,368 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL4005.tmp"
Thu 18 Sep 2003 59,392 A..H. --- "C:\Documents and Settings\Sohil Patel\My Documents\Latif Files\latif\Docs on Disgo\Call Centre\Call Centre\Phase 1b AfterSales\To-Be\Outbound\~WRL4022.tmp"

Finished!


Thanking you
Sohil

[Ried]

Hello sohil,

I doubt this will make any difference since the file is missing, but it will only take you a moment to carry out:

Click Start->Run - (or use Task Manager>File>Run new task) type services.msc & then click on the OK button
*Locate the service - Kerberos Key Distribution Centers
*Double-click on it to open the Properties dialog.
*Under the General tab, take note of the Service Name given--(it may be the same, but check to be certain) you'll need that shortly.
*Stop the service by using the Stop button.
*Change the Startup type to Disabled & then click on the OK button

Next, start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
*In the popup box that appears, type in type in kkdc Click OK and allow reboot.


If explorer still isn't working, understand that even after removing the malware that we see, we cannot always undo the damage that has been done to the system. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

At this point, back up all your important documents. Reformat and reinstall XP and start fresh.

[sohil]

Hi Ried,

Still no luck. So I consider that there only option and which is to reformat system unless you have nay option.

I greatlly appreciate your and Aaflac effort to solve it. Also thanx a lot for your precious time.

REgards
SOhil

[Ried]

You're welcome, sohil. Yes, reformat and reinstall.

After you reinstall Windows, the first thing you'll want to do is install your Anti Virus program and update it's database. Next, it is crucial you go to Windows Update page. Click the green Start button and you should see the Windows Update at the top of the menu. Click that and it will take you directly to Microsoft's Updates.

Download and install all Critical Updates to patch any known vulnerabilites before you begin surfing the web.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

• It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

[sohil]

Hi Reid,

Thanks a ton for your kind suggetion. I am sure I will follow it and make sure that it wont happn again.

Have nice time.

Regards
Sohil