
I may have the TDSS rootkit


4 replies to this topic

#1 BinaryGuru

BinaryGuru

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:11 AM

Posted 28 January 2009 - 04:45 AM

I have been trying to restore a friend's computer for about 8 hours now.

I have removed most of the malware that got installed. The malware that started this whole mess was AV360.

Now I'm left with a functioning system except for some major anomalies.

First off, I cannot browse to ANY well-known security related web site. This is the root of most of the problems.

I checked to see if I can ping the sites, and they do work. However, on all the sites that seem to not load in my browsers, they come back with a round-trip time of <1ms. This I know is impossible. So I ran RootkitRevealer from sysinternals.com. I found entries to TDSS in the scan.

Oh, almost forgot. I cannot seem to run or install ANY well known anti-malware software. Windows loads the executable image to memory and then the process seems to be suspended.

I am running Windows XP Pro with SP3 and all latest updates. I also have IE 7 with latest updates and the latest version of Firefox 3.

So I'm wondering what to do next. Any help on this matter would be greatly appreciated.

P.S. I have noticed that the people that give assistance tend to avoid dealing with this rootkit as it's 'really hard to remove' or 'very damaging to the system'. I just need help ripping it from this system, I can fix the system after very easily.

Edited by BinaryGuru, 28 January 2009 - 05:21 AM.




#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:10:11 AM

Posted 28 January 2009 - 11:35 AM

If mbam won't install

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

------------------------------------------------------------------

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 BinaryGuru

BinaryGuru
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:11 AM

Posted 28 January 2009 - 01:37 PM

Just to let you know, I am using a laptop running Ubuntu 8.10 to communicate here as the rootkit will not let me on this website.

I downloaded mbam-setup.exe and copied it to my USB flash drive. I renamed the extension to .bat and it ran. When the install was done, it asked me if I would like to launch it and update it. Of course I did this. mbam.exe would load into memory and then the exe would stay suspended. So I had to rename the main program file as well.

I then proceeded to update MBAM. Connection to the update server failed instantly. The rootkit is blocking that as well. So I downloaded the latest definitions (rules) and copied it to my flash disk. I had to rename this as well to get it to run. The updated rules were applied successfully (I checked the update tab in MBAM and noted the rules version was the latest).

I then ran a quick scan. I found many items on my system including some of the files TDSS is running from. Here's the log:
[codebox]Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 3

27/01/2009 1:08:01 PM
mbam-log-2009-01-27 (13-08-01).txt

Scan type: Quick Scan
Objects scanned: 67025
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 49

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\jkkHyayY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YyayHkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YyayHkkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mnjfhlev.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\velhfjnm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxurSi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iSruxyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iSruxyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfum.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqh.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpqxt.sys (Trojan.TDSS) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-715985669-4262395866-457231743-500\Dc637\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\ravie_2\Local Settings\Temp\TDSS4ffa.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090103220809671.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090103221548984.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090103222319953.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104041225109.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104043608890.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104053854250.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104104459531.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104113335515.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104190409953.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104192603156.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104193616687.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090104201733593.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090119204754359.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090119214244140.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnkIyWq.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeCrpO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNDSlk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNFurp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcBRkJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYsQhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnOFyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRjhgE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYOgFu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifgGaww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPJaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbBUnm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbCtRh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGxVMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dweltivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrs.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Delete on reboot.
[/codebox]

It then asked me to scan on reboot. So I rebooted and it tried to run a scan and failed. Windows gave me an error telling me it could not find the .exe file. I had renamed it to .bat, so I left that box there, opened Task Manager, ran MBAM manually and ran a quick scan again. It found 1 file and deleted it correctly. Here's the next log:
[codebox]Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 3

27/01/2009 1:27:30 PM
mbam-log-2009-01-27 (13-27-30).txt

Scan type: Quick Scan
Objects scanned: 66282
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\ravie_2\Local Settings\Temp\TDSS4feb.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
[/codebox]

I'm going to run RootkitRevealer again and see what it finds.

I'm awaiting further instructions.

Edited by BinaryGuru, 28 January 2009 - 01:48 PM.
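A triage pass over MBAM logs like the two posted above, as an added example that is not part of the original posts or any Malwarebytes tooling: it parses the 1.33 log layout, lists entries still marked "Delete on reboot", checks the summary counts against the entries actually pasted, and compares a rescan against the first scan. The function names and both sample logs are constructed for illustration; the sample entries are a shortened subset of the log in the post.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.33 layout (shortened subset of the posted log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.33
Database version: 1673

Scan type: Quick Scan

Registry Keys Infected: 2
Folders Infected: 0
Files Infected: 4

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\TDSScfum.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpqxt.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\csrs.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\Documents and Settings\ravie_2\Local Settings\Temp\TDSS4ffa.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Constructed sample of the rescan after reboot.
SAMPLE_RESCAN = r"""Malwarebytes' Anti-Malware 1.33
Files Infected: 1

Files Infected:
C:\Documents and Settings\ravie_2\Local Settings\Temp\TDSS4feb.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(
    r"^(?P<target>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return the declared per-section counts and every listed detection."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:  # summary line such as "Files Infected: 49"
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:  # start of a detail section such as "Files Infected:"
            section = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if m and section:  # "<target> (<detection>) -> <action>."
            entries.append({"section": section, **m.groupdict()})
    return {"declared": declared, "entries": entries}


def pending_reboot(parsed):
    """Targets the scanner could not remove live and deferred to reboot."""
    return [e["target"] for e in parsed["entries"]
            if e["action"].lower().startswith("delete on reboot")]


def count_mismatches(parsed):
    """Sections whose declared count differs from the entries pasted,
    which usually means the log was truncated or edited before posting."""
    listed = Counter(e["section"] for e in parsed["entries"])
    return {s: (n, listed[s]) for s, n in parsed["declared"].items()
            if n != listed[s]}


def detections_by_family(parsed):
    """Count entries per detection name, e.g. Trojan.TDSS."""
    return Counter(e["detection"] for e in parsed["entries"])


def unresolved_after_rescan(first, second):
    """Reboot-deferred targets from the first scan that the rescan still lists."""
    seen = {e["target"].lower() for e in second["entries"]}
    return [t for t in pending_reboot(first) if t.lower() in seen]


if __name__ == "__main__":
    scan = parse_mbam_log(SAMPLE_LOG)
    rescan = parse_mbam_log(SAMPLE_RESCAN)
    print("Pending reboot:", pending_reboot(scan))
    print("Count mismatches:", count_mismatches(scan))
    print("By family:", dict(detections_by_family(scan)))
    print("Still listed after rescan:", unresolved_after_rescan(scan, rescan))
```

An empty result from the rescan comparison only shows what the scanner could see through the Windows API; it does not confirm that hidden components are gone.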


#4 BinaryGuru

BinaryGuru
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:11 AM

Posted 28 January 2009 - 02:21 PM

OK. I ran RootkitRevealer again and it found some interesting things. Mostly files being hidden from the Windows API.

Here's the log:
[codebox]HKLM\SECURITY\Policy\Secrets\SAC* 09/08/2004 1:53 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 09/08/2004 1:53 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 05/01/2009 10:10 PM 0 bytes Access is denied.
C:\Documents and Settings\danny\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\xx_jeph4_xx@hotmail.com\DFSR\Staging\CS{FEC25BAD-1FE5-4E9D-32A5-8075805E5BF0}\01\10-{FEC25BAD-1FE5-4E9D-32A5-8075805E5BF0}-v1-{A 19/01/2009 6:39 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\marie pier\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\bluewater012@gmail.com\DFSR\Staging\CS{B30EA059-B852-03DA-85FA-90E7453122CA}\01\14-{B30EA059-B852-03DA-85FA-90E7453122CA}-v 12/01/2009 8:18 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\marie pier\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\masterbizouli@hotmail.com\DFSR\Staging\CS{4585F718-C218-6D2C-6F65-A1B64A35CA28}\01\16-{4585F718-C218-6D2C-6F65-A1B64A35CA28 12/01/2009 9:04 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\marie pier\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\xx_jeph4_xx@hotmail.com\DFSR\Staging\CS{FEC25BAD-1FE5-4E9D-32A5-8075805E5BF0}\01\13-{FEC25BAD-1FE5-4E9D-32A5-8075805E5BF0}- 12/01/2009 9:03 PM 8 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 112 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 721.03 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 794.17 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 687.28 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 962.19 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 1.01 MB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 843.79 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 761.04 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 849.69 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 684.09 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 613.71 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 733.03 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 789.34 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 07/01/2009 8:27 AM 761.73 KB Hidden from Windows API.
C:\Documents and Settings\ravie\Desktop\document\souisouinne2413134996\présentation liste facture tissu\carte\Local Settings\Application Data\Microsoft\Messenger\xxgothic-emoxx@hotmail.com\SharingMetadata\all_the_same_things@hotmail.com\DFSR\Staging\CS{E7 15/11/2008 12:13 PM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{D0D4C28[/codebox]

I'm wondering if I have to worry about these as they seem to be put there by MSN Messenger.

#5 BinaryGuru


Posted 28 January 2009 - 06:03 PM

Just so you guys know. I am now able to browse all the security sites I was not able to before.

Thanks for your help.

I now have set all the recommended security policies set by CIS for Windows XP. I also installed ESET NOD32 as the virus scanner and I reinstalled MBAN and Spy Bot Search & Destroy into the system for added protection. I am also going to install a hosts file to block access to certain web sites.

I am locking this baby down good. My buddy is very bad when it comes to security.

Edited by BinaryGuru, 28 January 2009 - 07:05 PM.




