
Thread: rootkit.dayoff.process (the two logs)

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    rootkit.dayoff.process (the two logs)

    Hi, I hope you can help clean up this problem. I have confidence you'll be able to. Avast, AVG antispy, Adaware, Trend Housecall, VundoFix, Panda online, Windows safety scan all found nothing. Spybot found "rootkit.dayoff.process" and the description explanation told me to use the "tool Gmer" to "kill the processes hidden from windows API". There was no other instruction and not knowing what the heck "gmer" was I googled it and downloaded the tool then scanned with it. Unfortunately, (maybe fortunately), I didn't know what to do with the results so the report sits on my desktop.

    So, since Spybot found the problem I looked into the forums and have been following the instructions for posting my problem and log files. The results of the Kaspersky scan follow here, (wow it found lots!), with the HJT report to follow shortly.

    Thanking you in advance,
    a.l. Sudbury, CAN

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, September 29, 2007 4:27:59 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 30/09/2007
    Kaspersky Anti-Virus database records: 425657
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 52138
    Number of viruses found: 7
    Number of infected objects: 23
    Number of suspicious objects: 0
    Duration of the scan process: 00:29:50

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\drriacdw.dll.bac_a03992 Infected: Trojan.Win32.BHO.g skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\eihlqllm.dll.bac_a00180 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\ejmxaudm.dll.bad.bac_a03328 Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\eqlpygvm.dll.bac_a00180 Infected: Trojan.Win32.BHO.g skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\eyrtocuv.dll.bac_a00180 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\gthaimfa.dll.bad.bac_a03328 Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\jbcvmmoy.dll.bac_a01396 Infected: Packed.Win32.Klone.j skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\jtyltcgh.dll.bac_a00180 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\msnmsgr.exe.bac_a03992 Infected: Backdoor.Win32.MSNMaker.ag skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\nhsosoyw.dll.bac_a01396 Infected: Packed.Win32.Klone.j skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\oo.exe.bac_a00400 Infected: IM-Worm.Win32.Agent.a skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\sthtgpeb.dll.bac_a02236 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\tohphnnd.dll.bac_a01396 Infected: Packed.Win32.Klone.j skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\vgodbhsi.dll.bac_a00180 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\wngipqhe.dll.bac_a02584 Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\xcjcnisg.dll.bad.bac_a03328 Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
    C:\Documents and Settings\Alan\.housecall6.6\Quarantine\yuludtpw.dll.bac_a01396 Infected: Packed.Win32.Klone.j skipped
    C:\Documents and Settings\Alan\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Alan\Desktop\misc v scan aps\SmitfraudFix.exe RarSFX: infected - 2 skipped

    Scan process completed.

  2. #2
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    rootkit.dayoff.process cont'd

    This is my post for the HJT scan following my Kaspersky scan above. I followed the instructions to reboot in safe mode and do another scan with Spybot. Spybot found nothing in safe mode so there were no red issues to fix. I rebooted into Windows and scanned with HJT with the results posted below. However, when I connected to the internet to post this the connection to IE was still very slow so I know the malware is still active and the last Spybot scan is false, probably because it was run in safe mode. True? Anyway, here is the HJT log. I hope it isn't a problem that the Kaspersky and HJT logs are in separate posts.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:54:27 PM, on 29/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2725C906-3C2B-4D7A-ADBA-8A39C5C3F9D1} - (no file)
    O2 - BHO: (no name) - {42E9C61F-A370-4C4C-A6AC-0476CEB0BA41} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
    O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Office.lnk.disabled
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanc...instmodule.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase2474.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://209.91.143.201/activex/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab
    O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.blogtv.ca//chatobject/launcher.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...24/mcfscan.cab
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
    O20 - Winlogon Notify: cbxwxww - cbxwxww.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 10173 bytes

  3. #3
    Retired Security Volunteer
    Join Date
    Dec 2006
    Posts
    752


    Hi, welcome to Safer Networking!

    "last Spybot scan is false, probably because it was run in safe mode. True?"
    Not true. Spybot should be more powerful in safe mode because most of the infections are inactive there.

    Download Gmer
    • Disconnect from internet and close running programs.
    • There is a small chance this application may crash your computer so save any work you have open.
    • Double click gmer.exe
    • Let the gmer.sys driver load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
    • If no warning....
    • Click "Rootkit" tab and click "Scan"
    • Once done, click "Copy"
    • Open Notepad and hit "ctrl+v" to paste the log.
    • Reconnect to the internet and post the log back to this thread please.
    AngelFire777

    Proud member of UNITE and ASAP since 2006.

  4. #4
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    gmer scan

    Hi and thanks,
    Here is the gmer scan. I find that when I reconnect to internet and attempt to connect to this or any site the IE becomes unresponsive and I have to close IE. If I then use internet options to clean history, temp files etc and then retry to connect, it will work as you can see. Must be the viruses listed in my Kaspersky scan noted above cause that problem.

    When I attempt to post the log it tells me the "text entered is too long (78964 characters). Please shorten it to 20000 characters long." I will give you as much as I can and wait for your instruction, but it seems like there is lots of empty space in the log which uses most of the character quota! Thanks again.


    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-09-30 21:01:17
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.13 ----

    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess


  5. #5
    Retired Security Volunteer
    Join Date
    Dec 2006
    Posts
    752


    Hi, the Kaspersky log isn't very bad. Most of what it found were the infections that Housecall quarantined.

    I need to see the whole gmer log. You can either post the whole gmer log by using separate posts or by uploading it to a site then post the link here.
    AngelFire777

    Proud member of UNITE and ASAP since 2006.

  6. #6
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    new gmer scan pt 1

    Hi and thanks,
    The Kaspersky scan results did show Housecall results but that must be from a previous scan when I was having previous problems with Vundo and some others.
    With my present problem neither Housecall, Panda online, Avast, AVG antispy, Adaware, or anything else besides Spybot found much other than cookies. I had to clear my temp files with internet options, and analyze and run CCleaner before gmer scanning and sending this file to you. I will have to post in 4 replies I estimate, since I don't know what you meant about uploading the total result to some "site". Also, when I first try to connect to a site through IE it takes very loooong to connect or freezes and I have to "end the unresponsive program".

    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-10-01 19:43:04
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.13 ----

    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA5EBF76] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA5EA812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA5EA812] aswMon2.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [ED4D12C0] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [ED4D18E6] aswTdi.SYS

  7. #7
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    pt 2

    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [ED4D12C0] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [ED4D18E6] aswTdi.SYS

  8. #8
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    pt3

    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [ED4D12C0] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [ED4D12C0] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [ED4D18E6] aswTdi.SYS

  9. #9
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    pt4

    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [ED4D18E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [ED4D18E6] aswTdi.SYS

    ---- Files - GMER 1.0.13 ----

    ADS C:\Documents and Settings\Alan\Favorites\music-lyrics chords etc\Guitar ta b Archive :favicon
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\01\27-{DAE90B89-D9E1-43B7-575B-93CC0A06E650}-v1-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\28\29-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v28-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\28\29-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v28-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\30\35-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v30-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\30\35-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v30-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\32\36-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v32-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\32\36-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v32-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\33\37-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v33-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\na_la@msn.com\SharingMetadata\werdnaca@yahoo.com\DFSR\Staging\CS{DAE90B89-D9E1-43B7-575B-93CC0A06E650}\33\37-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v33-{E57AF693-D322-4093-BFB3-D9560494FFAB}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\ashley_chmilewski@hotmail.com\DFSR\Staging\CS{F36E3827-F830-2423-66D6-95BF71FC39F1}\01\130-{F36E3827-F830-2423-66D6-95BF71FC39F1}-v1-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v130-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\ashley_chmilewski@hotmail.com\DFSR\Staging\CS{F36E3827-F830-2423-66D6-95BF71FC39F1}\31\134-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v131-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v134-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\ashley_chmilewski@hotmail.com\DFSR\Staging\CS{F36E3827-F830-2423-66D6-95BF71FC39F1}\31\134-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v131-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v134-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\ashley_chmilewski@hotmail.com\DFSR\Staging\CS{F36E3827-F830-2423-66D6-95BF71FC39F1}\35\139-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v135-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\ashley_chmilewski@hotmail.com\DFSR\Staging\CS{F36E3827-F830-2423-66D6-95BF71FC39F1}\35\139-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v135-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\ashley_chmilewski@hotmail.com\DFSR\Staging\CS{F36E3827-F830-2423-66D6-95BF71FC39F1}\35\140-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v135-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v140-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\ashley_chmilewski@hotmail.com\DFSR\Staging\CS{F36E3827-F830-2423-66D6-95BF71FC39F1}\35\140-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v135-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v140-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\blue-jae03@hotmail.com\DFSR\Staging\CS{E6075CD2-E569-D8DA-53E1-88443397A458}\01\56-{E6075CD2-E569-D8DA-53E1-88443397A458}-v1-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\01\72-{27D54435-A54F-AEEC-78FA-C67C46A5AA23}-v1-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v72-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\11\83-{E0052E5A-1D1F-4D82-8297-888C4190EBA3}-v11-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v83-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\11\83-{E0052E5A-1D1F-4D82-8297-888C4190EBA3}-v11-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v83-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\12\84-{E0052E5A-1D1F-4D82-8297-888C4190EBA3}-v12-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\12\84-{E0052E5A-1D1F-4D82-8297-888C4190EBA3}-v12-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v84-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\13\85-{E0052E5A-1D1F-4D82-8297-888C4190EBA3}-v13-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v85-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\13\85-{E0052E5A-1D1F-4D82-8297-888C4190EBA3}-v13-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v85-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\14\86-{E0052E5A-1D1F-4D82-8297-888C4190EBA3}-v14-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v86-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\14\86-{E0052E5A-1D1F-4D82-8297-888C4190EBA3}-v14-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v86-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\14\87-{6F73120F-0817-4D0B-A51F-F2BB4D42B694}-v14-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v87-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\14\87-{6F73120F-0817-4D0B-A51F-F2BB4D42B694}-v14-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v87-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\73\79-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v73-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v79-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\73\79-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v73-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v79-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\80\82-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v80-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v82-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\bongerella420@hotmail.com\DFSR\Staging\CS{27D54435-A54F-AEEC-78FA-C67C46A5AA23}\80\82-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v80-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v82-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexyangel_67@hotmail.com\DFSR\Staging\CS{797A9749-287A-C4EE-44B2-CD22F2920827}\01\71-{797A9749-287A-C4EE-44B2-CD22F2920827}-v1-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v71-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\01\16-{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}-v1-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

  10. #10
    Junior Member
    Join Date
    Sep 2007
    Posts
    13

    pt 5 (end of gmer scan)

    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\15\20-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v15-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\15\20-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v15-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\17\18-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v17-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\17\18-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v17-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\17\18-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v17-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\18\67-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v18-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\18\67-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v18-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\18\67-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v18-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\20\29-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v20-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\20\29-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v20-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\21\35-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v21-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\21\35-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v21-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\22\34-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v22-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\22\34-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v22-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\23\32-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v23-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\23\32-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v23-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\25\37-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v25-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\25\37-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v25-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\27\39-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v27-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\27\39-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v27-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\30\46-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v30-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\30\46-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v30-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\33\44-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v33-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\33\44-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v33-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\48\55-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v48-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v55-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
    ADS C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Messenger\paypaplaya@hotmail.com\SharingMetadata\sexykittie101@hotmail.com\DFSR\Staging\CS{BDAC16AA-DAD5-C607-4A05-B5FC3DC770D8}\48\55-{3D8BAE27-F1C8-4274-AA63-9F7F76EC24CA}-v48-{395FF857-7E97-42CD-89A3-1BEDE13B4182}-v55-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

    ---- EOF - GMER 1.0.13 ----
