Trojan. Don't know what happened!

This guy has the same problems I do, basically same files, found this on google.

http://translate.google.com/transla...m=6&ct=result&prev=/search?q=AvPSrv.exe&hl=en

I can't understand what they're saying... not very good with computers. Not sure if it helps (I don't know what to do! I'm getting desperate).

HJT log is still the same, no matter what I do. I can't find the files manually, even if I put folder options to show hidden files:

Logfile of HijackThis v1.99.1
Scan saved at 11:51:14 PM, on 2007-05-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HI JACK!\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [8u3] C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\c0nime.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
 
hi,

i saw that link. looks like they ran some software to remove it. never heard of that software--360 safe.exe. it's also a "newer" trojan.
it's also a password stealing trojan, i would be very careful about using any passwords online. most trojans also fetch more trojans so i would use the computer as little as possible. if you have a cable modem, unplug it when off the internet. we can try avenger to remove some of the files and do some online scans afterwards:
---------------------------------------

Download The Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste the following bold text:

Files to delete:
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\upxdnd.exe


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt.
Reboot, post a new Hijack This log as well please.

first stop:
Panda ActiveScan

http://www.pandasoftware.com/products/activescan.htm

* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send (use a fake e-mail)
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
------------------------------
eTrust online scanner:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

help link for eTrust:
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?areaid=54&CID=52109&ID=
-------------------------
afterwards: post a new hjt log, the avenger report and the panda report.

shelf life
 
The scan for avenger says it can't find the files, but every time I run adwatch, they come up. Hijack this doesn't pick them up till then, either.

Avenger Log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\edmdlqnq

*******************

Script file located at: \??\C:\Documents and Settings\oahajmki.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\AVPSrv.exe not found!
Deletion of file C:\WINDOWS\AVPSrv.exe failed!

Could not process line:
C:\WINDOWS\AVPSrv.exe
Status: 0xc0000034



File C:\WINDOWS\mppds.exe not found!
Deletion of file C:\WINDOWS\mppds.exe failed!

Could not process line:
C:\WINDOWS\mppds.exe
Status: 0xc0000034



File C:\WINDOWS\msccrt.exe not found!
Deletion of file C:\WINDOWS\msccrt.exe failed!

Could not process line:
C:\WINDOWS\msccrt.exe
Status: 0xc0000034



File C:\WINDOWS\upxdnd.exe not found!
Deletion of file C:\WINDOWS\upxdnd.exe failed!

Could not process line:
C:\WINDOWS\upxdnd.exe
Status: 0xc0000034



File C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\c0nime.exe not found!
Deletion of file C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\c0nime.exe failed!

Could not process line:
C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\c0nime.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
_________________________________________________________________

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:07:36 PM, on 2007-05-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HI JACK!\scanner.exe.exe
C:\Program Files\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - Global Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
_________________________________________________________________

Panda ActiveScan log:

Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.exe
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Darrell Lau\Cookies\darrell lau@burstnet[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Downloads\ComboFix.exe[ComboFixT\nircmd.exe]
Adware:Adware/WebSearch Not disinfected C:\Program Files\HI JACK!\backups\backup-20070427-220035-403.dll
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Program Files\HI JACK!\oldbackups\backup-20060616-213155-625-PowerReg SchedulerV2.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-1715567821-1383384898-1957994488-1010\Dc25.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-1715567821-1383384898-1957994488-1010\Dc28\nircmd.exe
Spyware:Cookie/Azjmp Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@azjmp[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@ccbill[2].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@xiti[1].txt
Virus:Trj/Lineage.DTB Disinfected C:\WINDOWS\system32\k11166598841.exe
Virus:Trj/Lineage.DTB Disinfected C:\WINDOWS\system32\k11166598852.exe
Virus:Trj/Lineage.DTB Disinfected C:\WINDOWS\system32\k11166598906.exe
Virus:Trj/Lineage.DTB Disinfected C:\WINDOWS\system32\k11797180011.exe
Virus:Trj/Lineage.DTB Disinfected C:\WINDOWS\system32\k11797180032.exe
Virus:Trj/Lineage.DTB Disinfected C:\WINDOWS\system32\k11797180076.exe
Virus:Trj/Lineage.DTB Disinfected C:\WINDOWS\system32\nwizhx2.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/SAHAgent Not disinfected D:\WINDOWS\INF\payload.inf
Potentially unwanted tool:Application/PRScheduler Not disinfected D:\WINDOWS\Start Menu\Programs\StartUp\PowerReg SchedulerV2.exe
Adware:Adware/WUpd Not disinfected D:\WINDOWS\Downloaded Program Files\WinadX.inf
Dialer:Dialer.B Not disinfected D:\WINDOWS\Downloaded Program Files\ia.inf
Dialer:Dialer.B Not disinfected D:\WINDOWS\Downloaded Program Files\EGAUTH_pack.inf
Dialer:Dialer.HOI Not disinfected D:\WINDOWS\Downloaded Program Files\ActiveSecurity.INF
Spyware:Spyware/BetterInet Not disinfected D:\WINDOWS\Downloaded Program Files\turbo.inf
Virus:Trj/Downloader.QV Disinfected D:\WINDOWS\Downloaded Program Files\vxiewer.inf
Spyware:Cookie/BurstBeacon Not disinfected D:\WINDOWS\Cookies\darrell@www.burstbeacon[1].txt
Spyware:Cookie/BurstNet Not disinfected D:\WINDOWS\Cookies\darrell@burstnet[2].txt
Spyware:Spyware/New.net Not disinfected D:\WINDOWS\NDNuninstall6_10.exe
Spyware:Spyware/New.net Not disinfected D:\WINDOWS\NDNuninstall6_22.exe
 
hi demonic_angel,

is your Nod32 antivirus up to date?

this wasn't in the lines for avenger to delete, let's get rid of this first then use avenger again:
(Deletion of file C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\c0nime.exe failed!)

so let's try this, i think we did this before we used avenger-- we will use hjt in safe mode-- then run avenger.

make sure files are set to show first:
For XP: on the desktop double click my computer, go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files", also UNcheck "hide extensions for known file types", click apply to all folders, apply then ok
-------------------------------------
might want to copy/paste this into notepad and save it so you can read it in safe mode.

boot computer into safe mode, by tapping the f8 key during a computer restart. choose first option: safe mode

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe

O4 - HKCU\..\Run: [8u3] C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\c0nime.exe
-------------------------------------
next:
Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste the following bold text:

Files to delete:
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\mcdbcs.exe
C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.
avenger will boot you back to windows

Post the Avenger output.txt, which you can find at C:\Avenger\.txt.

shelf life
 
For some reason, Avenger can't make a zip file

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not create zip file.
Error code: 1813


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hrdgrgae

*******************

Script file located at: \??\C:\uqfjcbfj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\AVPSrv.exe not found!
Deletion of file C:\WINDOWS\AVPSrv.exe failed!

Could not process line:
C:\WINDOWS\AVPSrv.exe
Status: 0xc0000034



File C:\WINDOWS\mppds.exe not found!
Deletion of file C:\WINDOWS\mppds.exe failed!

Could not process line:
C:\WINDOWS\mppds.exe
Status: 0xc0000034



File C:\WINDOWS\msccrt.exe not found!
Deletion of file C:\WINDOWS\msccrt.exe failed!

Could not process line:
C:\WINDOWS\msccrt.exe
Status: 0xc0000034



File C:\WINDOWS\upxdnd.exe not found!
Deletion of file C:\WINDOWS\upxdnd.exe failed!

Could not process line:
C:\WINDOWS\upxdnd.exe
Status: 0xc0000034



File C:\WINDOWS\mcdbcs.exe not found!
Deletion of file C:\WINDOWS\mcdbcs.exe failed!

Could not process line:
C:\WINDOWS\mcdbcs.exe
Status: 0xc0000034



Could not open file C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe for deletion
Deletion of file C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe failed!

Could not process line:
C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rsayhwpl

*******************

Script file located at: \??\C:\WINDOWS\gylmhins.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\AVPSrv.exe not found!
Deletion of file C:\WINDOWS\AVPSrv.exe failed!

Could not process line:
C:\WINDOWS\AVPSrv.exe
Status: 0xc0000034



File C:\WINDOWS\mppds.exe not found!
Deletion of file C:\WINDOWS\mppds.exe failed!

Could not process line:
C:\WINDOWS\mppds.exe
Status: 0xc0000034



File C:\WINDOWS\msccrt.exe not found!
Deletion of file C:\WINDOWS\msccrt.exe failed!

Could not process line:
C:\WINDOWS\msccrt.exe
Status: 0xc0000034



File C:\WINDOWS\upxdnd.exe not found!
Deletion of file C:\WINDOWS\upxdnd.exe failed!

Could not process line:
C:\WINDOWS\upxdnd.exe
Status: 0xc0000034



File C:\WINDOWS\mcdbcs.exe not found!
Deletion of file C:\WINDOWS\mcdbcs.exe failed!

Could not process line:
C:\WINDOWS\mcdbcs.exe
Status: 0xc0000034



Could not open file C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe for deletion
Deletion of file C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe failed!

Could not process line:
C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.
 
hi demonic_angel,

avenger couldn't find the files. don't know what to make of that. we can try pocket killbox. in any case i would use this computer as little as possible until it's cleaned up.

Download Pocket KillBox from here:
http://www.atribune.org/downloads/KillBox.exe
-----------------------------------
might want to copy paste this into notepad and save it so you can read it in safe mode.

boot computer into safe mode like before-- once in safe mode:

start killbox.exe

Select the options: delete on reboot

copy paste this line into the field Full Path of File to Delete

C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe

then click the button with a white X on red background

When asked if you would like to Reboot,>>> select No.

Once again, in Full Path of File to Delete, copy and paste the following one at a time, clicking no to reboot prompts:

C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\upxdnd.exe

when you've copy/pasted the last file on the list

Press the button with a red circle and a white X.
When asked to Reboot this time>>>>select Yes.
-------------------------------------------------------
rescan and post a new hjt log. is your antivirus (nod32) up to date?

shelf life
 
I have a theory. I scanned through with online scanners, used Nod32, spybot, ad-wareSE professional, and used HJT. I went through the registry but I couldn't find the registry keys. I can't find the files manually, either. So I'm thinking that the files are actually gone, but only the registry keys are left. I talked this through with my uncle, who owns a computer company. Only thing that works against this is that whenever I double click c:\ or d:\, it brings me to the menu that asks you to select a program to open it with.

In any case, here's the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 6:44:32 PM, on 2007-05-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\HI JACK!\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [8u3] C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\c0nime.exe
O4 - Global Startup: NOD32 Control Center.lnk = C:\Program Files\ESET\nod32kui.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

End of report

Thanks once again
 
hi demonic_angel,

i don't think the hard drive problem is related to the hjt problem. we can come back to it.
those O4 entries are taken from startup locations in the registry. normally hjt can delete them. sometimes having real time protection running like spybot's tea timer or avg guard can interfere with the "fix" but we did it in safe mode so no real time protection would be running.

the fact that you or avenger can't find the files is good but i don't know why they're still showing in the log.
lets try one more download:

download Gmer to desktop:

http://www.gmer.net/

unzip it and click the icon to run, select the Rootkit tab and click the scan button.
after the scan select the copy button, start notepad and paste the log in notepad. name and save the txt file somewhere and post it in next reply.

shelf life
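
An added triage example, not part of the original thread: it parses the Run entries flagged for fixing and the per-file results of the second Avenger run, decodes the NTSTATUS codes, and cross-checks file names between the two. The sample text is excerpted from the logs posted above; the function and variable names are this example's own.

```python
import ntpath
import re

# NTSTATUS values seen in the Avenger logs in this thread.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # last path component not found
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a directory in the path not found
}

# HijackThis O4 registry Run line: hive, value name, command line.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$",
    re.MULTILINE,
)
# Avenger failure block: the script line followed by its status code.
AVENGER_RE = re.compile(
    r"Could not process line:\s*\n(?P<path>.+)\nStatus: (?P<status>0x[0-9a-fA-F]+)"
)

# Excerpt: the O4 entries the helper asked to have fixed in HijackThis.
HJT_SAMPLE = r"""O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKCU\..\Run: [8u3] C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\c0nime.exe
"""

# Excerpt: failure blocks from the second Avenger run, other lines trimmed.
AVENGER_SAMPLE = r"""Could not process line:
C:\WINDOWS\AVPSrv.exe
Status: 0xc0000034

Could not process line:
C:\WINDOWS\mppds.exe
Status: 0xc0000034

Could not process line:
C:\WINDOWS\msccrt.exe
Status: 0xc0000034

Could not process line:
C:\WINDOWS\upxdnd.exe
Status: 0xc0000034

Could not process line:
C:\WINDOWS\mcdbcs.exe
Status: 0xc0000034

Could not process line:
C:\documents and settings\Darrel\Local Settings\Temp\c0nime.exe
Status: 0xc000003a
"""


def target_path(cmd):
    """Return the executable path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_o4(hjt_text):
    """List (hive, value name, target path) for each O4 registry Run entry."""
    return [(m["hive"], m["name"], target_path(m["cmd"]))
            for m in O4_RE.finditer(hjt_text)]


def parse_avenger(log_text):
    """List (script path, status code) for each line Avenger could not process."""
    return [(m["path"].strip(), int(m["status"], 16))
            for m in AVENGER_RE.finditer(log_text)]


def triage(hjt_text, avenger_text):
    """Cross-check autorun targets against the delete script by file name."""
    o4 = parse_o4(hjt_text)
    results = parse_avenger(avenger_text)

    def key(path):
        # Compare on file name only: the logs mix 8.3 and long directory names.
        return ntpath.basename(path).lower()

    scripted = {key(p) for p, _ in results}
    autoruns = {key(p) for _, _, p in o4}
    return {
        # Autorun targets that no script line ever named.
        "never_targeted": [p for _, _, p in o4 if key(p) not in scripted],
        # Script lines that match no autorun entry (possible typo in the script).
        "not_in_hjt": [p for p, _ in results if key(p) not in autoruns],
        # Decoded status per script line; unknown codes stay as hex.
        "status": {p: NTSTATUS.get(s, hex(s)) for p, s in results},
    }


if __name__ == "__main__":
    report = triage(HJT_SAMPLE, AVENGER_SAMPLE)
    print("never targeted:", report["never_targeted"])
    print("not in HJT log:", report["not_in_hjt"])
    for path, status in report["status"].items():
        print(f"{status:32} {path}")
```

On the thread's data this reports that `cmdbcs.exe` was never named in a delete script (the script names `mcdbcs.exe`), and that the `c0nime.exe` line failed with a path-not-found status rather than the name-not-found status of the other lines.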
 
Here's the log:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-28 22:58:58
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F735B62C 5 Bytes JMP 818F77A0
? System32\Drivers\ab5ftspx.SYS The system cannot find the file specified.
? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!LoadResource 7C80A065 7 Bytes JMP 27001B70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!FindResourceExW 7C80AB10 7 Bytes JMP 27001AE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!FindResourceW 7C80BA56 7 Bytes JMP 27001A60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!SizeofResource 7C80BAF1 7 Bytes JMP 27001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!LockResource 7C80C6CF 2 Bytes JMP 27001CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!LockResource + 3 7C80C6D2 2 Bytes [ 7F, AA ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] kernel32.dll!CreateEventA 7C81E4BD 5 Bytes JMP 27001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 27001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] ADVAPI32.dll!CryptDecrypt 77DEA7B1 2 Bytes JMP 27001050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] ADVAPI32.dll!CryptDecrypt + 3 77DEA7B4 4 Bytes [ 21, AF, CC, CC ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] USER32.dll!PeekMessageW 77D49278 5 Bytes JMP 27003A20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 27003330 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] USER32.dll!SetWindowRgn 77D51DE0 7 Bytes JMP 27004D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] USER32.dll!CreateDialogParamW 77D6629F 5 Bytes JMP 27004E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] USER32.dll!SetWindowPlacement 77D6FBEA 5 Bytes JMP 27004CA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 27004F80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] USER32.dll!TrackPopupMenuEx 77D9CAFE 5 Bytes JMP 270041F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WS2_32.dll!send 71AB428A 5 Bytes JMP 27009150 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 27008F40 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WS2_32.dll!recv 71AB615A 5 Bytes JMP 27008DB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 270092D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 270094E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 5 Bytes JMP 27002B10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] ole32.dll!CoInitializeEx 774F42F3 5 Bytes JMP 27001D30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] ole32.dll!CoRegisterClassObject 77541BFC 5 Bytes JMP 27001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WININET.dll!HttpOpenRequestA 771C4AC5 5 Bytes JMP 27007D00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WININET.dll!InternetCloseHandle 771C61DC 1 Byte [ E9 ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WININET.dll!InternetCloseHandle + 2 771C61DE 3 Bytes [ 1D, E4, AF ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WININET.dll!HttpSendRequestA 771C76B8 5 Bytes JMP 27007F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2148] WININET.dll!InternetReadFile 771C9555 5 Bytes JMP 27007E60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
 
Log continued

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823661E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823661E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 817111E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 817111E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{38E5B0CE-B755-40EC-99C3-CAB8DB94C0D6} IRP_MJ_CREATE 818EE610
Device \Driver\NetBT \Device\NetBT_Tcpip_{38E5B0CE-B755-40EC-99C3-CAB8DB94C0D6} IRP_MJ_CLOSE 818EE610
Device \Driver\NetBT \Device\NetBT_Tcpip_{38E5B0CE-B755-40EC-99C3-CAB8DB94C0D6} IRP_MJ_DEVICE_CONTROL 818EE610
Device \Driver\NetBT \Device\NetBT_Tcpip_{38E5B0CE-B755-40EC-99C3-CAB8DB94C0D6} IRP_MJ_INTERNAL_DEVICE_CONTROL 818EE610
Device \Driver\NetBT \Device\NetBT_Tcpip_{38E5B0CE-B755-40EC-99C3-CAB8DB94C0D6} IRP_MJ_CLEANUP 818EE610
Device \Driver\NetBT \Device\NetBT_Tcpip_{38E5B0CE-B755-40EC-99C3-CAB8DB94C0D6} IRP_MJ_PNP 818EE610
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE
 
Log continued

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 819AE1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ
 
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 823681E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 823681E8
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_CREATE [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_CREATE_NAMED_PIPE [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_CLOSE [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_READ [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_WRITE [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_QUERY_INFORMATION [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_SET_INFORMATION [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_QUERY_EA [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_SET_EA [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_FLUSH_BUFFERS [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_QUERY_VOLUME_INFORMATION [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_SET_VOLUME_INFORMATION [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_DIRECTORY_CONTROL [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_FILE_SYSTEM_CONTROL [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_DEVICE_CONTROL [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_INTERNAL_DEVICE_CONTROL [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_SHUTDOWN [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_LOCK_CONTROL [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_CLEANUP [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_CREATE_MAILSLOT [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_QUERY_SECURIT
 
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_SET_SECURITY [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_POWER [F8449DB8] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_SYSTEM_CONTROL [F8464344] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_DEVICE_CHANGE [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_QUERY_QUOTA [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_SET_QUOTA [F8467F18] sptd.sys
Device \Driver\PCI_NTPNP2400 \Device\00000048 IRP_MJ_PNP [F84652D0] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 823D81E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 819D2980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP
 
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 819D2980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 819D2980
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_CREATE 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_CLOSE 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_DEVICE_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_POWER 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_SYSTEM_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_PNP 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_CREATE 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_CLOSE 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_DEVICE_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_POWER 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_SYSTEM_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_PNP 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_CREATE 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_CLOSE 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_DEVICE_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_POWER 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_SYSTEM_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_PNP
 
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_CREATE 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_CLOSE 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_DEVICE_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_POWER 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_SYSTEM_CONTROL 823671E8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_PNP 823671E8
Device \Driver\usbstor \Device\00000073 IRP_MJ_CREATE 817E83C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_CLOSE 817E83C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_READ 817E83C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_WRITE 817E83C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_DEVICE_CONTROL 817E83C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_INTERNAL_DEVICE_CONTROL 817E83C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_POWER 817E83C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_SYSTEM_CONTROL 817E83C0
Device \Driver\usbstor \Device\00000073 IRP_MJ_PNP 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_CREATE 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_CLOSE 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_READ 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_WRITE 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_DEVICE_CONTROL 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_INTERNAL_DEVICE_CONTROL 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_POWER 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_SYSTEM_CONTROL 817E83C0
Device \Driver\usbstor \Device\00000077 IRP_MJ_PNP 817E83C0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 818EE610
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 818EE610
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 818EE610
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 818EE610
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 818EE610
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 818EE610
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 818EE610
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 818EE610
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 818EE610
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 818EE610
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 818EE610
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 818EE610
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER
 
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 819AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 819AE1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 8179D558
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION
 
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 8179D558
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 8179D558
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 823D81E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 823D81E8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1Port2Path0Target0Lun0 IRP_MJ_CREATE 819AA5F8
 
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1Port2Path0Target0Lun0 IRP_MJ_CLOSE 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1Port2Path0Target0Lun0 IRP_MJ_POWER 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1Port2Path0Target0Lun0 IRP_MJ_PNP 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1 IRP_MJ_CREATE 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1 IRP_MJ_CLOSE 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1 IRP_MJ_DEVICE_CONTROL 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1 IRP_MJ_INTERNAL_DEVICE_CONTROL 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1 IRP_MJ_POWER 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1 IRP_MJ_SYSTEM_CONTROL 819AA5F8
Device \Driver\ab5ftspx \Device\Scsi\ab5ftspx1 IRP_MJ_PNP 819AA5F8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 817111E8
 
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 817111E8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 817111E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81796980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81796980

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCC21211-533D-F660-06FF-12C4F84F2776}@dbemkcogpjelleolamkojpffggfmeebggdlhcjde 0x6B 0x61 0x63 0x61 ...
 
---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Microsoft\Messenger\endless.apathy@hotmail.com\SharingMetadata\avamirdragniz@hotmail.com\DFSR\Staging\CS{5B3346AE-74A7-2834-C194-CCFF3B285739}\01\10-{5B3346AE-74A7-2834-C194-CCFF3B285739}-v1-{DB61AE25-E9E5-4569-B0D4-848C2DAEF89B}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Microsoft\Messenger\endless.apathy@hotmail.com\SharingMetadata\avamirdragniz@hotmail.com\DFSR\Staging\CS{5B3346AE-74A7-2834-C194-CCFF3B285739}\46\484-{5B2D37B6-8090-4AC3-8F00-3FB36CF92005}-v246-{5B2D37B6-8090-4AC3-8F00-3FB36CF92005}-v484-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Microsoft\Messenger\endless.apathy@hotmail.com\SharingMetadata\avamirdragniz@hotmail.com\DFSR\Staging\CS{5B3346AE-74A7-2834-C194-CCFF3B285739}\46\484-{5B2D37B6-8090-4AC3-8F00-3FB36CF92005}-v246-{5B2D37B6-8090-4AC3-8F00-3FB36CF92005}-v484-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Darrell Lau\Local Settings\Application Data\Microsoft\Messenger\endless.apathy@hotmail.com\SharingMetadata\avamirdragniz@hotmail.com\DFSR\Staging\CS{5B3346AE-74A7-2834-C194-CCFF3B285739}\46\484-{5B2D37B6-8090-4AC3-8F00-3FB36CF92005}-v246-{5B2D37B6-8090-4AC3-8F00-3FB36CF92005}-v484-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----
 