Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HELP! THE WORM!


  • This topic is locked This topic is locked
13 replies to this topic

#1 marco d

marco d

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 02 April 2009 - 05:02 PM

Hi Guys

Just want to let you know how much I appreciate this! Last night, I got a message from AVG saying my computer was infected with the Downadup worm and I clicked heal and all seemed fine. This morning I turned my computer on to be bombarded with constant .DLL errors stating that applications could not open due to msxnacrj.dll not being available. Upon further exploring, I discovered that msxnacrj.dll is actually what the Downadup named itself when it copied itself to the registry, but it's in the virus vault now. I've tried everything to get rid of these .DLL errors and nothing has worked. I scanned using bitdefender downadup removal tool and f-secure's removal tool, as well as Windows Oncare Live service. All these applications discovered nothing wrong with the computer, and instead claimed it was "clean". I also ran spybot and also clean result.

None of my programs seem to work except internet explorer. Microsoft word is not working, neither is System restore, paint, or MSN messenger. I need help! I've posted my hijackthis! log below.

THANKS SO MUCH!

Marco




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:50 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Registry Defense\RDAgent.exe
C:\Program Files\Registry Defense\RDListener.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RDAgent] C:\Program Files\Registry Defense\RDAgent.exe
O4 - HKLM\..\Run: [RDListener] C:\Program Files\Registry Defense\RDListener.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe

--
End of file - 11313 bytes

BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:25 PM

Posted 10 April 2009 - 05:04 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
In your next reply please include the following:
  • MBAM log
  • OTListIt.txt
  • Description of Problems you still have

Important Note: For other users who are reading this topic,the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed.Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 marco d

marco d
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 11 April 2009 - 07:22 PM

Hi EB,

I should give you an update on the situation. Turns out, system restore did work, I just had to get passed a bunch of .dll errors for it to open. I restored the computer to an earlier date (March 31st) and the .dll errors disappeared and the computer seems to be running perfectly again. However, since the system restore, my ATI: Catalyst Control Center keeps popping up on startup saying it has an encountered an error and needs to close. I don't know why.

I still want to make sure my computer is clean though, to prevent any further problems. MBAM found a few things. Here is what you asked for:

Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

4/11/2009 8:04:58 PM
mbam-log-2009-04-11 (20-04-58).txt

Scan type: Quick Scan
Objects scanned: 71918
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.



OTListIt logfile created on: 4/11/2009 8:12:41 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.66% Memory free
3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 77.65 Gb Free Space | 33.34% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 230.09 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARCO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/06/15 13:15:32 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2003/12/08 18:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2005/12/04 17:38:58 | 00,437,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/12/10 10:57:19 | 00,133,016 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/12/06 21:51:39 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2009/02/24 13:42:55 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
PRC - [2009/03/22 11:11:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/08/24 19:25:00 | 00,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2007/10/24 14:31:15 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/09/10 22:56:24 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2007/09/20 18:08:59 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2007/07/16 12:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/09/07 16:35:57 | 00,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/22 11:11:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/01/20 12:20:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/12/12 16:32:32 | 00,053,248 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2008/12/19 01:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/04/11 20:12:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/15 13:15:32 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2004/10/22 13:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/01/13 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2007/10/24 14:31:15 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
SRV - [2007/09/20 18:08:59 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/07/16 12:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/22 11:11:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/01/20 12:20:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/12/12 16:32:32 | 00,053,248 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe -- (STacSV [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/05/23 04:15:00 | 00,547,744 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\DRIVERS\A3AB.sys -- (A3AB [On_Demand | Running])
DRV - [2004/07/27 11:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [System | Running])
DRV - [2009/01/14 03:14:01 | 03,455,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/10/24 14:31:10 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core [System | Running])
DRV - [2007/09/20 18:08:55 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
DRV - [2007/09/20 18:08:57 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
DRV - [2007/12/21 12:23:55 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean [System | Running])
DRV - [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2007/07/16 12:57:12 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2007/01/31 14:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2006/10/05 22:07:33 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2005/09/14 21:24:08 | 00,179,200 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2008/09/07 16:35:58 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/08/31 16:31:44 | 00,020,480 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2007/08/28 14:17:09 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/12 21:53:12 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/08/20 15:29:17 | 00,011,376 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/12/02 17:38:04 | 00,041,728 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
DRV - [2005/03/31 12:32:42 | 00,175,104 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5 [Boot | Running])
DRV - [2004/11/01 13:21:32 | 00,010,368 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter [Boot | Running])
DRV - [2006/10/05 22:04:57 | 00,643,072 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/12/12 16:32:54 | 01,083,576 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\S-1-5-21-1809067083-1574323382-3987669112-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/22 11:11:43 | 00,000,000 | ---D | M]


O1 HOSTS File: (313352 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 10751 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" (Corel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=021506 serial=wo12wrx-0000043-sgj lang=EN File not found
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html ()
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html ()
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html ()
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/30 18:05:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/20 17:48:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/07/10 18:09:09 | 00,000,111 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/09/08 17:13:25 | 00,000,058 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell\AutoRun\command - "" = D:\EISetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[15 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/11 20:12:03 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe
[2009/04/11 19:59:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/11 19:59:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/11 19:59:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/11 19:59:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/11 19:59:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/11 19:59:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/11 19:59:08 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2009/04/07 00:21:53 | 00,000,000 | ---D | C] -- C:\Errol Flynn - The Adventures of Robin Hood (1938) DVDrip (SiRiUs sHaRe)
[2009/04/06 23:40:12 | 00,000,000 | ---D | C] -- C:\A.Streetcar.Named.Desire.1951.464x336.25fps.739kbs.V4mp3.MultiSub.WunSeeDee
[2009/04/06 23:36:51 | 00,015,079 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\A_Streetcar_Named_Desire_1951_XviD_MultiSub_WunSeeDee_-++Demonoid.com++.torrent
[2009/04/06 23:34:55 | 00,000,000 | ---D | C] -- C:\Casablanca[1942]DvDrip[Eng]-FXG
[2009/04/06 23:33:27 | 00,224,876 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Casablanca[1942]DvDrip[Eng]_FXG-[]Demonoid.com[].torrent
[2009/04/06 23:32:09 | 00,029,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Errol_Flynn_The_Adventures_of_Robin_Hood_(1938)_DVDrip_(SiRiUs_sHaRe)-[Demonoid.com].torrent
[2009/04/05 16:56:18 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/04/05 16:25:26 | 00,502,752 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cfremover.exe
[2009/04/04 15:05:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/04 15:05:00 | 00,613,618 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\regnfile_01.exe
[2009/04/04 15:04:46 | 00,608,259 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\conficker_mem_killer.exe
[2009/04/02 17:18:15 | 00,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Owner\My Documents\HijackThis.exe
[2009/04/02 17:04:44 | 00,648,560 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsXP-KB958644-x86-ENU.exe
[2009/04/02 17:02:12 | 01,288,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe
[2009/04/02 16:33:55 | 00,000,000 | ---D | C] -- C:\Program Files\AML Products
[2009/04/02 16:33:16 | 02,543,336 | ---- | C] (AML SOFTWARE ) -- C:\Documents and Settings\Owner\My Documents\regcleaner.exe
[2009/04/02 15:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RegistryDefense
[2009/04/02 15:52:36 | 01,847,824 | ---- | C] (Xionix Inc.) -- C:\Documents and Settings\Owner\My Documents\RegDefense.exe
[2009/04/02 15:29:32 | 04,915,600 | ---- | C] (F-Secure Corp.) -- C:\Documents and Settings\Owner\My Documents\f-downadup.exe
[2009/04/02 15:29:32 | 00,067,316 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\eult_eng.pdf
[2009/04/02 15:29:15 | 04,770,605 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\f-downadup.zip
[2009/04/02 12:43:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/02 11:49:23 | 00,000,167 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\plugins.htm
[2009/04/02 11:45:07 | 00,200,192 | ---- | C] (SC BitDefender , Romania) -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_gui.exe
[2009/04/02 11:45:07 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\libfn.dll
[2009/04/02 11:45:07 | 00,137,216 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_console.exe
[2009/04/02 11:45:07 | 00,102,400 | ---- | C] (BitDefender) -- C:\Documents and Settings\Owner\My Documents\bdcore.dll
[2009/04/02 11:45:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\plugins
[2009/04/02 11:44:43 | 02,402,613 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool.zip
[2009/03/31 23:02:26 | 00,029,883 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Telemarketer.fdr
[2009/03/26 18:09:10 | 00,000,000 | ---D | C] -- C:\Before The Devil Knows Your Dead 2007 DVDRip Xvid AC3-FLAWL3SS
[2009/03/26 18:06:09 | 00,014,780 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Before_The_Devil_Knows_Your_Dead_2007_DVDRip_Xvid_AC3_FLAWL3SS-((Demonoid.com))_5259930.9226.torrent
[2009/03/26 00:33:50 | 00,000,000 | ---D | C] -- C:\Once Upon A Time In America
[2009/03/26 00:30:49 | 00,014,886 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[[Demonoid.com]]-Once_Upon_A_Time_In_America_[1984_Eng_Fre_Dvdrip_x264_aac]_5259930.9226.torrent
[2009/03/25 18:58:39 | 00,009,441 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - His Band And The Street Choir.jpg
[2009/03/25 18:20:44 | 00,010,247 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - Moondance.jpg
[2009/03/25 18:06:42 | 00,079,507 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van_Morrison-Discography-1968-2006_[mininova].torrent
[2009/03/22 12:24:22 | 00,037,332 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Magnolia[1999]DvDrip-TB.4193725.TPB_[mininova].torrent
[2009/03/21 21:43:01 | 00,084,717 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Man_on_the_moon_[mininova].torrent
[2009/03/20 19:13:40 | 57,591,705 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cfmupodcast.mp3
[2009/03/20 01:11:45 | 00,056,198 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Punch_Drunk_Love_[mininova].torrent
[2009/03/17 23:26:30 | 00,058,165 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt]_T-Rex-21_cd.torrent
[2009/03/17 02:22:22 | 00,012,588 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xltx
[2009/03/17 02:20:00 | 00,012,604 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xlsx
[2009/03/16 21:39:06 | 02,366,464 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\directionsupdated.doc
[2009/03/14 21:25:41 | 00,014,093 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Magnolia_[mininova].torrent
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/22 18:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/19 13:23:17 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/05/19 13:23:17 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/05/19 13:23:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/05/19 13:23:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2008/05/19 13:20:56 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/05/19 13:20:56 | 00,000,342 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/08/29 15:09:51 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/29 15:09:51 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/25 22:14:07 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/07/16 12:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/05/03 21:41:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/03/26 10:45:18 | 00,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/02/20 14:59:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 14:59:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/02/13 23:58:00 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/26 23:02:12 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\77F9021F98.sys
[2006/10/06 14:47:05 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/05 22:07:33 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/10/05 22:04:57 | 00,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/05 22:04:57 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3133.sys
[2006/10/01 10:39:09 | 00,002,150 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/30 22:53:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/09/29 22:56:37 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2006/09/29 19:02:18 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/28 22:18:21 | 00,000,086 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/01/31 18:29:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/31 18:27:19 | 00,000,396 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/31 12:37:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 08:00:00 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 08:00:00 | 00,000,643 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[15 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/11 20:12:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe
[2009/04/11 20:09:06 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/11 20:07:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/11 20:06:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 20:05:11 | 01,579,542 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/11 19:59:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/11 19:59:20 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2009/04/10 19:39:32 | 00,029,883 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Telemarketer.fdr
[2009/04/10 17:00:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 17:00:54 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/10 13:08:57 | 00,313,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/10 13:07:37 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090410-130857.backup
[2009/04/06 23:36:53 | 00,015,079 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\A_Streetcar_Named_Desire_1951_XviD_MultiSub_WunSeeDee_-++Demonoid.com++.torrent
[2009/04/06 23:33:30 | 00,224,876 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Casablanca[1942]DvDrip[Eng]_FXG-[]Demonoid.com[].torrent
[2009/04/06 23:32:11 | 00,029,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Errol_Flynn_The_Adventures_of_Robin_Hood_(1938)_DVDrip_(SiRiUs_sHaRe)-[Demonoid.com].torrent
[2009/04/06 22:57:55 | 00,570,866 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/06 22:57:55 | 00,475,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 22:57:55 | 00,084,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 19:42:50 | 00,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/05 19:26:00 | 00,092,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/05 17:13:13 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/04/05 17:13:13 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090410-130737.backup
[2009/04/05 16:25:30 | 00,502,752 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cfremover.exe
[2009/04/04 15:25:42 | 00,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/04 15:25:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/04 15:23:54 | 00,000,167 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\plugins.htm
[2009/04/04 15:05:06 | 00,613,618 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\regnfile_01.exe
[2009/04/04 15:04:52 | 00,608,259 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\conficker_mem_killer.exe
[2009/04/02 17:04:52 | 00,648,560 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsXP-KB958644-x86-ENU.exe
[2009/04/02 17:02:21 | 01,288,568 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe
[2009/04/02 16:33:19 | 02,543,336 | ---- | M] (AML SOFTWARE ) -- C:\Documents and Settings\Owner\My Documents\regcleaner.exe
[2009/04/02 15:52:48 | 01,847,824 | ---- | M] (Xionix Inc.) -- C:\Documents and Settings\Owner\My Documents\RegDefense.exe
[2009/04/02 15:29:16 | 04,770,605 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\f-downadup.zip
[2009/04/02 11:58:17 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090405-171313.backup
[2009/04/02 11:44:49 | 02,402,613 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool.zip
[2009/03/31 11:17:18 | 00,041,732 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/03/31 11:17:18 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March 2009.xlr
[2009/03/26 18:06:10 | 00,014,780 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Before_The_Devil_Knows_Your_Dead_2007_DVDRip_Xvid_AC3_FLAWL3SS-((Demonoid.com))_5259930.9226.torrent
[2009/03/26 00:30:50 | 00,014,886 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[[Demonoid.com]]-Once_Upon_A_Time_In_America_[1984_Eng_Fre_Dvdrip_x264_aac]_5259930.9226.torrent
[2009/03/25 18:58:39 | 00,009,441 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - His Band And The Street Choir.jpg
[2009/03/25 18:20:44 | 00,010,247 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - Moondance.jpg
[2009/03/25 18:06:44 | 00,079,507 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van_Morrison-Discography-1968-2006_[mininova].torrent
[2009/03/22 13:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/22 12:24:23 | 00,037,332 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Magnolia[1999]DvDrip-TB.4193725.TPB_[mininova].torrent
[2009/03/21 21:43:02 | 00,084,717 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Man_on_the_moon_[mininova].torrent
[2009/03/20 19:13:48 | 57,591,705 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cfmupodcast.mp3
[2009/03/20 01:11:47 | 00,056,198 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Punch_Drunk_Love_[mininova].torrent
[2009/03/18 21:44:05 | 00,091,568 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Duncan.fdr
[2009/03/17 23:26:31 | 00,058,165 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt]_T-Rex-21_cd.torrent
[2009/03/17 02:22:22 | 00,012,588 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xltx
[2009/03/17 02:20:01 | 00,012,604 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xlsx
[2009/03/17 02:17:47 | 02,366,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\directionsupdated.doc
[2009/03/16 21:38:48 | 00,469,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\directions.doc
[2009/03/16 18:23:12 | 00,200,192 | ---- | M] (SC BitDefender , Romania) -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_gui.exe
[2009/03/16 17:27:56 | 00,137,216 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_console.exe
[2009/03/14 21:25:42 | 00,014,093 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Magnolia_[mininova].torrent

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\Nosferatu.sub:SummaryInformation
< End of report >




OTListIt Extras logfile created on: 4/11/2009 8:12:41 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.66% Memory free
3.84 Gb Paging File | 3.33 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 77.65 Gb Free Space | 33.34% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 230.09 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARCO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/10/16 22:23:33 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2007/10/24 14:31:15 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2009/02/24 13:42:55 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/12/19 01:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
[2004/04/23 13:34:23 | 07,899,252 | R--- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion
[2009/02/16 21:34:03 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2004/06/25 20:05:42 | 07,110,656 | ---- | M] (Ensemble Studios) -- C:\Program Files\Microsoft Games\Age of Mythology\aomx2.exe:*:Enabled:Age of Mythology - The Titans Expansion
[2008/05/21 05:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 01:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 06:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2009/02/06 19:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2A947CBB-4F5E-38D8-F49E-6C2C0D9D848E}" = Catalyst Control Center Graphics Previews Common
"{2E516FE9-AF50-44DC-A6B3-89166D3ADF0E}" = SPSS 15.0 for Windows Integrated Student Version
"{30DE45EC-48B3-7617-193A-7B4CDCE18D22}" = Skins
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F589FB5-02B8-43DD-8061-C6DADDE5775C}" = 3114 SATARAID5
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5C08205C-C9E0-A607-9EB1-EB0D7C5659B3}" = Catalyst Control Center Core Implementation
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90A2EB5A-8446-1554-235A-D174E39AF4E5}" = Catalyst Control Center Graphics Full Existing
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A48E4951-D8E9-4FDF-82EF-46FB1C953F3E}" = Intel Audio Studio 2.0
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48442EE-FF84-3A89-CA50-EA2D1C64733E}" = ccc-utility
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC1086AD-1635-01EF-3137-04AB16B46F9F}" = ccc-core-preinstall
"{D01B4212-C867-9074-217D-B40BB5A578FE}" = Catalyst Control Center Graphics Full New
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2
"{DCFF3DB2-0E96-6DF5-DF22-AB1C18CF5E86}" = Catalyst Control Center Graphics Light
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{DE9D0AF5-08ED-70A5-66FA-4C3B3E2A85E8}" = Catalyst Control Center HydraVision Full
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E2E5BADC-93D9-4EBF-B991-289DFF9D6821}" = Intel® Viiv™ Software
"{E6C48B74-26ED-4EF8-A04C-42AFDE5E1CA3}" = Intel® PRO Network Connections
"{F02CF4B0-05EC-4938-A8D2-F739AF3B4363}" = Microsoft IntelliType Pro 5.5
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F104E135-A5EF-9551-4924-2A7B94DDDADF}" = ccc-core-static
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FBB6D1D6-BD35-50E0-37B7-375BAB8E199B}" = CCC Help English
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVG7Uninstall" = AVG 7.5
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Money2006b" = Microsoft Money 2006
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"TOD 012009" = TOD 012009
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2009 12:42:50 PM | Computer Name = MARCO | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mom.exe, P2 2.0.0.0, P3 494aa563, P4 mom, P5
2.0.0.0, P6 494aa563, P7 2, P8 2, P9 system.typeloadexception, P10 NIL.

Error - 4/11/2009 2:31:30 PM | Computer Name = MARCO | Source = | ID = 0
Description =

Error - 4/11/2009 3:50:41 PM | Computer Name = MARCO | Source = | ID = 0
Description =

Error - 4/11/2009 3:50:41 PM | Computer Name = MARCO | Source = | ID = 0
Description =

Error - 4/11/2009 3:50:41 PM | Computer Name = MARCO | Source = | ID = 0
Description =

Error - 4/11/2009 4:17:59 PM | Computer Name = MARCO | Source = | ID = 0
Description =

Error - 4/11/2009 6:41:40 PM | Computer Name = MARCO | Source = | ID = 0
Description =

Error - 4/11/2009 7:54:38 PM | Computer Name = MARCO | Source = | ID = 0
Description =

Error - 4/11/2009 8:08:07 PM | Computer Name = MARCO | Source = STacSV | ID = 268435455
Description =

Error - 4/11/2009 8:08:29 PM | Computer Name = MARCO | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 mom.exe, P2 2.0.0.0, P3 494aa563, P4 mom, P5
2.0.0.0, P6 494aa563, P7 2, P8 2, P9 system.typeloadexception, P10 NIL.

[ OSession Events ]
Error - 4/2/2009 3:39:37 PM | Computer Name = MARCO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/2/2009 3:39:54 PM | Computer Name = MARCO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/4/2009 3:22:46 PM | Computer Name = MARCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/4/2009 3:23:36 PM | Computer Name = MARCO | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/4/2009 3:23:36 PM | Computer Name = MARCO | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/4/2009 3:23:36 PM | Computer Name = MARCO | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/4/2009 3:23:36 PM | Computer Name = MARCO | Source = Service Control Manager | ID = 7001
Description = The IP Traffic Filter Driver service depends on the TCP/IP Protocol
Driver service which failed to start because of the following error: %%31

Error - 4/4/2009 3:23:36 PM | Computer Name = MARCO | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/4/2009 3:23:36 PM | Computer Name = MARCO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD ASPI32 Avg7Core Avg7RsW Avg7RsXP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 4/4/2009 3:25:31 PM | Computer Name = MARCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/4/2009 3:25:46 PM | Computer Name = MARCO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/7/2009 12:05:30 AM | Computer Name = MARCO | Source = Schannel | ID = 36882
Description = The certificate received from the remote server was issued by an untrusted
certificate authority. Because of this, none of the data contained in the certificate
can be validated. The SSL connection request has failed. The attached data contains
the server certificate.


< End of report >





Thanks a lot,

Marco

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:25 PM

Posted 11 April 2009 - 07:52 PM

Hello.

I see a few Lop infections on your computer still. We will remove that and see if there's anything else as well.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Download and run LopS&D

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Post back with:
-LopR log
-New OTListIt2.txt (Only OTListIT2.txt, I want to see)

With regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 marco d

marco d
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 11 April 2009 - 08:23 PM

Hi EB,

What exactly is a Lop infection?

Here's the new stuff:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core™2 CPU 6400 @ 2.13GHz )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.557 7.5.557 (Not Activated)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:77 Go)
D:\ (Local Disk) - NTFS - Total:232 Go (Free:230 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD) - UDF - Total:5 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 04/11/2009|21:14 )

--------------------\\ Listing folders in APPLIC~1

[03/09/2008|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/07/2006|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 XPack Trial
[01/13/2007|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[11/14/2006|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[02/10/2009|04:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[01/29/2009|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg7
[09/26/2006|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Borland
[09/29/2006|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[08/08/2007|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Close upload noun internet
[10/02/2006|06:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[01/31/2006|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[02/19/2009|06:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fallout3
[10/21/2006|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Final Draft
[08/08/2007|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> grim math seek close
[09/20/2007|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[09/26/2006|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[06/15/2008|01:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/11/2009|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/02/2009|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/11/2009|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[02/16/2009|01:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[03/16/2008|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[02/05/2009|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> vsosdk
[01/31/2006|11:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[02/22/2008|08:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/30/2006|06:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[09/20/2007|06:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7
[09/20/2007|06:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/20/2007|06:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[03/09/2008|10:45] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[11/01/2006|02:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[11/14/2006|07:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[02/10/2009|04:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ATI
[04/02/2009|11:18] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AVG7
[08/13/2008|10:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[10/02/2007|11:21] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Codemasters
[05/28/2007|12:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Corel
[12/27/2007|02:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
[10/21/2006|01:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Final Draft
[02/21/2007|05:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[04/11/2009|09:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Hamachi
[01/31/2006|03:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[01/30/2006|06:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[10/02/2007|11:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[01/30/2006|06:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InterTrust
[03/24/2007|05:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[09/28/2006|10:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech
[01/31/2006|01:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[04/11/2009|07:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[04/02/2009|03:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[07/01/2007|05:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> NeroDCTemplates
[04/02/2009|03:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> RegistryDefense
[09/29/2006|06:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SecuROM
[01/30/2006|06:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[06/06/2008|03:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[04/10/2009|05:00] C:\DOCUME~1\Owner\APPLIC~1\<DIR> uTorrent
[11/11/2007|04:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[04/08/2009|10:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Vso
[02/22/2008|08:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Windows Live Writer

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/22/2009 01:36 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/11/2009 09:03 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/13/2007|05:45] C:\Program Files\<DIR> AC3Filter
[07/02/2008|02:11] C:\Program Files\<DIR> Adobe
[10/02/2007|11:01] C:\Program Files\<DIR> AGEIA Technologies
[01/13/2007|01:48] C:\Program Files\<DIR> Ahead
[04/02/2009|04:33] C:\Program Files\<DIR> AML Products
[05/23/2008|02:38] C:\Program Files\<DIR> ANI
[12/17/2006|02:37] C:\Program Files\<DIR> Apple Software Update
[02/11/2009|01:01] C:\Program Files\<DIR> ATI
[02/10/2009|04:01] C:\Program Files\<DIR> ATI Technologies
[03/14/2008|12:58] C:\Program Files\<DIR> Audacity
[11/28/2008|04:59] C:\Program Files\<DIR> Audio Visualizations
[02/19/2009|06:27] C:\Program Files\<DIR> Bethesda Softworks
[09/29/2006|10:57] C:\Program Files\<DIR> Canon
[02/04/2009|01:10] C:\Program Files\<DIR> Cisco Systems
[02/18/2009|01:20] C:\Program Files\<DIR> Common Files
[01/30/2006|05:59] C:\Program Files\<DIR> ComPlus Applications
[12/02/2006|12:52] C:\Program Files\<DIR> Creative
[01/31/2006|11:29] C:\Program Files\<DIR> CyberLink
[01/31/2006|11:29] C:\Program Files\<DIR> CyberLink DVD Solution
[10/05/2006|10:07] C:\Program Files\<DIR> DAEMON Tools
[08/14/2008|03:07] C:\Program Files\<DIR> DivX
[05/23/2008|02:37] C:\Program Files\<DIR> D-Link
[08/28/2007|04:11] C:\Program Files\<DIR> dvdSanta
[03/06/2007|12:12] C:\Program Files\<DIR> EA GAMES
[01/31/2006|12:40] C:\Program Files\<DIR> Encarta
[11/07/2008|05:23] C:\Program Files\<DIR> File Scanner Library (Spybot - Search & Destroy)
[10/21/2006|01:40] C:\Program Files\<DIR> Final Draft 7
[10/21/2006|01:36] C:\Program Files\<DIR> Final Draft Tagger
[02/21/2007|05:07] C:\Program Files\<DIR> Google
[09/20/2007|06:08] C:\Program Files\<DIR> Grisoft
[09/07/2008|04:36] C:\Program Files\<DIR> Hamachi
[02/19/2009|06:27] C:\Program Files\<DIR> InstallShield Installation Information
[01/31/2006|03:33] C:\Program Files\<DIR> Intel
[10/02/2006|05:37] C:\Program Files\<DIR> Intel Audio Studio
[01/31/2006|04:44] C:\Program Files\<DIR> Intel Desktop Board
[04/05/2009|05:10] C:\Program Files\<DIR> Internet Explorer
[03/22/2009|11:11] C:\Program Files\<DIR> Java
[07/24/2008|03:27] C:\Program Files\<DIR> Konami
[06/15/2008|01:15] C:\Program Files\<DIR> Lavasoft
[04/11/2009|07:59] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/14/2008|07:02] C:\Program Files\<DIR> Messenger
[02/18/2009|01:29] C:\Program Files\<DIR> Microsoft
[01/31/2006|12:40] C:\Program Files\<DIR> Microsoft Digital Image 2006
[01/30/2006|06:06] C:\Program Files\<DIR> microsoft frontpage
[09/07/2008|06:25] C:\Program Files\<DIR> Microsoft Games
[02/19/2009|06:53] C:\Program Files\<DIR> Microsoft Games for Windows - LIVE
[01/31/2006|01:45] C:\Program Files\<DIR> Microsoft IntelliType Pro
[01/31/2006|01:44] C:\Program Files\<DIR> Microsoft IntelliType Pro 5.5
[01/31/2006|12:43] C:\Program Files\<DIR> Microsoft Location Finder
[01/31/2006|12:38] C:\Program Files\<DIR> microsoft money 2006
[11/26/2008|12:07] C:\Program Files\<DIR> Microsoft Office
[01/31/2006|12:43] C:\Program Files\<DIR> Microsoft Streets and Trips Essentials
[11/26/2008|12:07] C:\Program Files\<DIR> Microsoft Visual Studio
[11/26/2008|12:01] C:\Program Files\<DIR> Microsoft Visual Studio 8
[11/26/2008|12:09] C:\Program Files\<DIR> Microsoft Works
[01/31/2006|12:33] C:\Program Files\<DIR> Microsoft Works Suite 2006
[11/26/2008|12:05] C:\Program Files\<DIR> Microsoft.NET
[05/22/2008|01:57] C:\Program Files\<DIR> Movie Maker
[02/19/2009|06:25] C:\Program Files\<DIR> MSBuild
[04/21/2008|11:21] C:\Program Files\<DIR> MSN
[01/30/2006|05:55] C:\Program Files\<DIR> MSN Gaming Zone
[01/30/2006|06:20] C:\Program Files\<DIR> MSXML 4.0
[10/30/2006|09:46] C:\Program Files\<DIR> Nero
[05/22/2008|01:54] C:\Program Files\<DIR> NetMeeting
[01/30/2006|05:59] C:\Program Files\<DIR> Online Services
[05/22/2008|01:54] C:\Program Files\<DIR> Outlook Express
[12/06/2006|09:51] C:\Program Files\<DIR> QuickTime
[02/19/2009|06:23] C:\Program Files\<DIR> Reference Assemblies
[06/15/2008|12:41] C:\Program Files\<DIR> Resident Evil 4
[11/07/2008|05:23] C:\Program Files\<DIR> SDHelper (Spybot - Search & Destroy)
[01/30/2006|06:25] C:\Program Files\<DIR> SigmaTel
[01/30/2006|06:29] C:\Program Files\<DIR> Silicon Image
[01/28/2009|06:01] C:\Program Files\<DIR> SPSS Student
[04/11/2009|12:40] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/07/2008|05:23] C:\Program Files\<DIR> TeaTimer (Spybot - Search & Destroy)
[02/08/2009|02:30] C:\Program Files\<DIR> TOD 012009
[05/10/2008|01:41] C:\Program Files\<DIR> Trend Micro
[12/01/2006|11:31] C:\Program Files\<DIR> Ubisoft
[01/30/2006|06:14] C:\Program Files\<DIR> Uninstall Information
[08/30/2008|12:32] C:\Program Files\<DIR> uTorrent
[11/11/2007|04:49] C:\Program Files\<DIR> VideoLAN
[09/28/2006|10:19] C:\Program Files\<DIR> viewsonic
[08/28/2007|02:17] C:\Program Files\<DIR> VSO
[04/10/2007|11:40] C:\Program Files\<DIR> Windows Journal Viewer
[02/18/2009|01:30] C:\Program Files\<DIR> Windows Live
[04/05/2009|07:39] C:\Program Files\<DIR> Windows Live Safety Center
[02/18/2009|01:29] C:\Program Files\<DIR> Windows Live SkyDrive
[12/19/2006|10:08] C:\Program Files\<DIR> Windows Media Connect 2
[12/19/2006|10:08] C:\Program Files\<DIR> Windows Media Player
[05/22/2008|01:54] C:\Program Files\<DIR> Windows NT
[01/30/2006|05:59] C:\Program Files\<DIR> Windows Plus
[01/30/2006|06:04] C:\Program Files\<DIR> WindowsUpdate
[10/06/2006|10:57] C:\Program Files\<DIR> WinRAR
[09/26/2006|05:44] C:\Program Files\<DIR> WordPerfect Office X3
[01/30/2006|06:06] C:\Program Files\<DIR> xerox
[08/29/2007|03:09] C:\Program Files\<DIR> Xvid
[01/02/2007|04:28] C:\Program Files\<DIR> ZA-QR7
[02/08/2009|02:30] C:\Program Files\<DIR> Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/09/2008|10:33] C:\Program Files\Common Files\<DIR> Adobe
[01/13/2007|01:45] C:\Program Files\Common Files\<DIR> Ahead
[09/26/2006|05:43] C:\Program Files\Common Files\<DIR> Borland Shared
[09/26/2006|05:43] C:\Program Files\Common Files\<DIR> Corel
[11/26/2008|12:07] C:\Program Files\Common Files\<DIR> DESIGNER
[02/04/2009|01:11] C:\Program Files\Common Files\<DIR> Deterministic Networks
[01/31/2006|12:59] C:\Program Files\Common Files\<DIR> InstallShield
[01/30/2006|06:29] C:\Program Files\Common Files\<DIR> Java
[01/13/2007|01:48] C:\Program Files\Common Files\<DIR> LightScribe
[02/18/2009|01:29] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/30/2006|06:03] C:\Program Files\Common Files\<DIR> MSSoap
[01/13/2007|01:46] C:\Program Files\Common Files\<DIR> Nero
[01/31/2006|01:43] C:\Program Files\Common Files\<DIR> ODBC
[01/30/2006|06:03] C:\Program Files\Common Files\<DIR> Services
[01/31/2006|01:43] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/26/2008|12:14] C:\Program Files\Common Files\<DIR> System
[02/18/2009|01:20] C:\Program Files\Common Files\<DIR> Windows Live
[02/22/2008|08:47] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[06/15/2008|01:14] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 51 Processes )

iexplore.exe ~ [PID:2840]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Close upload noun internet
C:\DOCUME~1\Owner\Cookies\owner@adultfriendfinder[2].txt
C:\DOCUME~1\Owner\Cookies\owner@ero-advertising[1].txt
C:\DOCUME~1\Owner\Cookies\owner@adopt.euroclick[1].txt
C:\DOCUME~1\Owner\Cookies\owner@adopt.euroclick[3].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 10774 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 21:15:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 280

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\My Documents\++Demonoid.com++-[PC]_Silent_Hill_4_The_Room_Crack_English_[ISO]_5259930.9226.torrent
C:\DOCUME~1\Owner\My Documents\Final Crack
C:\DOCUME~1\Owner\My Documents\Final Draft 7.0 with crack.zip
C:\DOCUME~1\Owner\My Documents\keygen.nfo
C:\DOCUME~1\Owner\My Documents\[isoHunt] The[1].Elder.Scrolls.IV.Oblivion NoDVD Crack.torrent
C:\DOCUME~1\Owner\My Documents\[isoHunt]_Microsoft_Office_2007_with_crack_[smaragdtorrent.to].torrent
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\.DS_Store
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\Keygen - Final Draft 7.exe
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\Readme - CM.txt
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX\Final Draft 7 [K]
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX\Final Draft 7 [K]\._.DS_Store


[F:188][D:46]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:665][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:650][D:7]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 04/11/2009|21:17 - Option : [1]

--------------------\\ Scan completed at 21:17:13



OTListIt logfile created on: 4/11/2009 9:19:31 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.03% Memory free
3.85 Gb Paging File | 3.35 Gb Available in Paging File | 87.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 77.65 Gb Free Space | 33.34% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 230.09 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARCO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/06/15 13:15:32 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2003/12/08 18:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2005/12/04 17:38:58 | 00,437,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/12/10 10:57:19 | 00,133,016 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/12/06 21:51:39 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2009/02/24 13:42:55 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
PRC - [2007/10/24 14:31:15 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2009/03/22 11:11:42 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/08/24 19:25:00 | 00,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2007/09/20 18:08:59 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2007/07/16 12:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/09/10 22:56:24 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/09/07 16:35:57 | 00,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2009/03/22 11:11:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/01/20 12:20:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/12/12 16:32:32 | 00,053,248 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2008/12/19 01:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/04/11 20:12:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/15 13:15:32 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2004/10/22 13:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/01/13 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2007/10/24 14:31:15 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
SRV - [2007/09/20 18:08:59 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/07/16 12:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/22 11:11:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/01/20 12:20:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/12/12 16:32:32 | 00,053,248 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe -- (STacSV [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/05/23 04:15:00 | 00,547,744 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\DRIVERS\A3AB.sys -- (A3AB [On_Demand | Running])
DRV - [2004/07/27 11:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [System | Running])
DRV - [2009/01/14 03:14:01 | 03,455,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/10/24 14:31:10 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core [System | Running])
DRV - [2007/09/20 18:08:55 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
DRV - [2007/09/20 18:08:57 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
DRV - [2007/12/21 12:23:55 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean [System | Running])
DRV - [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2007/07/16 12:57:12 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2007/01/31 14:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2006/10/05 22:07:33 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2005/09/14 21:24:08 | 00,179,200 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2008/09/07 16:35:58 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/08/31 16:31:44 | 00,020,480 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2007/08/28 14:17:09 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/12 21:53:12 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/08/20 15:29:17 | 00,011,376 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/12/02 17:38:04 | 00,041,728 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
DRV - [2005/03/31 12:32:42 | 00,175,104 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5 [Boot | Running])
DRV - [2004/11/01 13:21:32 | 00,010,368 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter [Boot | Running])
DRV - [2006/10/05 22:04:57 | 00,643,072 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/12/12 16:32:54 | 01,083,576 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\S-1-5-21-1809067083-1574323382-3987669112-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/22 11:11:43 | 00,000,000 | ---D | M]


O1 HOSTS File: (313352 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 10751 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" (Corel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=021506 serial=wo12wrx-0000043-sgj lang=EN File not found
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html ()
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html ()
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html ()
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/30 18:05:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 21:00:11 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/06/20 17:48:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 21:00:11 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2003/07/10 18:09:09 | 00,000,111 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/09/08 17:13:25 | 00,000,058 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell\AutoRun\command - "" = D:\EISetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[15 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/11 21:13:31 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/11 21:08:01 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LopSD.exe
[2009/04/11 21:00:11 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/04/11 20:59:19 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Flash_Disinfector.exe
[2009/04/11 20:12:03 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe
[2009/04/11 19:59:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/11 19:59:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/11 19:59:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/11 19:59:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/11 19:59:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/11 19:59:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/11 19:59:08 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2009/04/07 00:21:53 | 00,000,000 | ---D | C] -- C:\Errol Flynn - The Adventures of Robin Hood (1938) DVDrip (SiRiUs sHaRe)
[2009/04/06 23:40:12 | 00,000,000 | ---D | C] -- C:\A.Streetcar.Named.Desire.1951.464x336.25fps.739kbs.V4mp3.MultiSub.WunSeeDee
[2009/04/06 23:36:51 | 00,015,079 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\A_Streetcar_Named_Desire_1951_XviD_MultiSub_WunSeeDee_-++Demonoid.com++.torrent
[2009/04/06 23:34:55 | 00,000,000 | ---D | C] -- C:\Casablanca[1942]DvDrip[Eng]-FXG
[2009/04/06 23:33:27 | 00,224,876 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Casablanca[1942]DvDrip[Eng]_FXG-[]Demonoid.com[].torrent
[2009/04/06 23:32:09 | 00,029,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Errol_Flynn_The_Adventures_of_Robin_Hood_(1938)_DVDrip_(SiRiUs_sHaRe)-[Demonoid.com].torrent
[2009/04/05 16:56:18 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/04/05 16:25:26 | 00,502,752 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cfremover.exe
[2009/04/04 15:05:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/04 15:05:00 | 00,613,618 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\regnfile_01.exe
[2009/04/04 15:04:46 | 00,608,259 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\conficker_mem_killer.exe
[2009/04/02 17:18:15 | 00,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Owner\My Documents\HijackThis.exe
[2009/04/02 17:04:44 | 00,648,560 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsXP-KB958644-x86-ENU.exe
[2009/04/02 17:02:12 | 01,288,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe
[2009/04/02 16:33:55 | 00,000,000 | ---D | C] -- C:\Program Files\AML Products
[2009/04/02 16:33:16 | 02,543,336 | ---- | C] (AML SOFTWARE ) -- C:\Documents and Settings\Owner\My Documents\regcleaner.exe
[2009/04/02 15:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RegistryDefense
[2009/04/02 15:52:36 | 01,847,824 | ---- | C] (Xionix Inc.) -- C:\Documents and Settings\Owner\My Documents\RegDefense.exe
[2009/04/02 15:29:32 | 04,915,600 | ---- | C] (F-Secure Corp.) -- C:\Documents and Settings\Owner\My Documents\f-downadup.exe
[2009/04/02 15:29:32 | 00,067,316 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\eult_eng.pdf
[2009/04/02 15:29:15 | 04,770,605 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\f-downadup.zip
[2009/04/02 12:43:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/02 11:49:23 | 00,000,167 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\plugins.htm
[2009/04/02 11:45:07 | 00,200,192 | ---- | C] (SC BitDefender , Romania) -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_gui.exe
[2009/04/02 11:45:07 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\libfn.dll
[2009/04/02 11:45:07 | 00,137,216 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_console.exe
[2009/04/02 11:45:07 | 00,102,400 | ---- | C] (BitDefender) -- C:\Documents and Settings\Owner\My Documents\bdcore.dll
[2009/04/02 11:45:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\plugins
[2009/04/02 11:44:43 | 02,402,613 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool.zip
[2009/03/31 23:02:26 | 00,029,883 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Telemarketer.fdr
[2009/03/26 18:09:10 | 00,000,000 | ---D | C] -- C:\Before The Devil Knows Your Dead 2007 DVDRip Xvid AC3-FLAWL3SS
[2009/03/26 18:06:09 | 00,014,780 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Before_The_Devil_Knows_Your_Dead_2007_DVDRip_Xvid_AC3_FLAWL3SS-((Demonoid.com))_5259930.9226.torrent
[2009/03/26 00:33:50 | 00,000,000 | ---D | C] -- C:\Once Upon A Time In America
[2009/03/26 00:30:49 | 00,014,886 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[[Demonoid.com]]-Once_Upon_A_Time_In_America_[1984_Eng_Fre_Dvdrip_x264_aac]_5259930.9226.torrent
[2009/03/25 18:58:39 | 00,009,441 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - His Band And The Street Choir.jpg
[2009/03/25 18:20:44 | 00,010,247 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - Moondance.jpg
[2009/03/25 18:06:42 | 00,079,507 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van_Morrison-Discography-1968-2006_[mininova].torrent
[2009/03/22 12:24:22 | 00,037,332 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Magnolia[1999]DvDrip-TB.4193725.TPB_[mininova].torrent
[2009/03/21 21:43:01 | 00,084,717 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Man_on_the_moon_[mininova].torrent
[2009/03/20 19:13:40 | 57,591,705 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cfmupodcast.mp3
[2009/03/20 01:11:45 | 00,056,198 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Punch_Drunk_Love_[mininova].torrent
[2009/03/17 23:26:30 | 00,058,165 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt]_T-Rex-21_cd.torrent
[2009/03/17 02:22:22 | 00,012,588 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xltx
[2009/03/17 02:20:00 | 00,012,604 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xlsx
[2009/03/16 21:39:06 | 02,366,464 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\directionsupdated.doc
[2009/03/14 21:25:41 | 00,014,093 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Magnolia_[mininova].torrent
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/22 18:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/19 13:23:17 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/05/19 13:23:17 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/05/19 13:23:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/05/19 13:23:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2008/05/19 13:20:56 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/05/19 13:20:56 | 00,000,342 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/08/29 15:09:51 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/29 15:09:51 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/25 22:14:07 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/07/16 12:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/05/03 21:41:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/03/26 10:45:18 | 00,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/02/20 14:59:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 14:59:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/02/13 23:58:00 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/26 23:02:12 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\77F9021F98.sys
[2006/10/06 14:47:05 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/05 22:07:33 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/10/05 22:04:57 | 00,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/05 22:04:57 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3133.sys
[2006/10/01 10:39:09 | 00,002,150 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/30 22:53:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/09/29 22:56:37 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2006/09/29 19:02:18 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/28 22:18:21 | 00,000,086 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/01/31 18:29:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/31 18:27:19 | 00,000,396 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/31 12:37:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 08:00:00 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 08:00:00 | 00,000,643 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[15 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/11 21:13:31 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LopSD.exe
[2009/04/11 21:09:16 | 00,092,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/11 21:05:21 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/11 21:03:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/11 21:02:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 20:59:58 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Flash_Disinfector.exe
[2009/04/11 20:12:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe
[2009/04/11 20:05:11 | 01,579,542 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/11 19:59:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/11 19:59:20 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2009/04/10 19:39:32 | 00,029,883 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Telemarketer.fdr
[2009/04/10 17:00:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 17:00:54 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/10 13:08:57 | 00,313,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/10 13:07:37 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090410-130857.backup
[2009/04/06 23:36:53 | 00,015,079 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\A_Streetcar_Named_Desire_1951_XviD_MultiSub_WunSeeDee_-++Demonoid.com++.torrent
[2009/04/06 23:33:30 | 00,224,876 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Casablanca[1942]DvDrip[Eng]_FXG-[]Demonoid.com[].torrent
[2009/04/06 23:32:11 | 00,029,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Errol_Flynn_The_Adventures_of_Robin_Hood_(1938)_DVDrip_(SiRiUs_sHaRe)-[Demonoid.com].torrent
[2009/04/06 22:57:55 | 00,570,866 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/06 22:57:55 | 00,475,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 22:57:55 | 00,084,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 19:42:50 | 00,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/05 17:13:13 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/04/05 17:13:13 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090410-130737.backup
[2009/04/05 16:25:30 | 00,502,752 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cfremover.exe
[2009/04/04 15:25:42 | 00,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/04 15:25:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/04 15:23:54 | 00,000,167 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\plugins.htm
[2009/04/04 15:05:06 | 00,613,618 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\regnfile_01.exe
[2009/04/04 15:04:52 | 00,608,259 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\conficker_mem_killer.exe
[2009/04/02 17:04:52 | 00,648,560 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsXP-KB958644-x86-ENU.exe
[2009/04/02 17:02:21 | 01,288,568 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe
[2009/04/02 16:33:19 | 02,543,336 | ---- | M] (AML SOFTWARE ) -- C:\Documents and Settings\Owner\My Documents\regcleaner.exe
[2009/04/02 15:52:48 | 01,847,824 | ---- | M] (Xionix Inc.) -- C:\Documents and Settings\Owner\My Documents\RegDefense.exe
[2009/04/02 15:29:16 | 04,770,605 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\f-downadup.zip
[2009/04/02 11:58:17 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090405-171313.backup
[2009/04/02 11:44:49 | 02,402,613 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool.zip
[2009/03/31 11:17:18 | 00,041,732 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/03/31 11:17:18 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March 2009.xlr
[2009/03/26 18:06:10 | 00,014,780 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Before_The_Devil_Knows_Your_Dead_2007_DVDRip_Xvid_AC3_FLAWL3SS-((Demonoid.com))_5259930.9226.torrent
[2009/03/26 00:30:50 | 00,014,886 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[[Demonoid.com]]-Once_Upon_A_Time_In_America_[1984_Eng_Fre_Dvdrip_x264_aac]_5259930.9226.torrent
[2009/03/25 18:58:39 | 00,009,441 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - His Band And The Street Choir.jpg
[2009/03/25 18:20:44 | 00,010,247 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - Moondance.jpg
[2009/03/25 18:06:44 | 00,079,507 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van_Morrison-Discography-1968-2006_[mininova].torrent
[2009/03/22 13:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/22 12:24:23 | 00,037,332 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Magnolia[1999]DvDrip-TB.4193725.TPB_[mininova].torrent
[2009/03/21 21:43:02 | 00,084,717 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Man_on_the_moon_[mininova].torrent
[2009/03/20 19:13:48 | 57,591,705 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cfmupodcast.mp3
[2009/03/20 01:11:47 | 00,056,198 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Punch_Drunk_Love_[mininova].torrent
[2009/03/18 21:44:05 | 00,091,568 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Duncan.fdr
[2009/03/17 23:26:31 | 00,058,165 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt]_T-Rex-21_cd.torrent
[2009/03/17 02:22:22 | 00,012,588 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xltx
[2009/03/17 02:20:01 | 00,012,604 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xlsx
[2009/03/17 02:17:47 | 02,366,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\directionsupdated.doc
[2009/03/16 21:38:48 | 00,469,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\directions.doc
[2009/03/16 18:23:12 | 00,200,192 | ---- | M] (SC BitDefender , Romania) -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_gui.exe
[2009/03/16 17:27:56 | 00,137,216 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_console.exe
[2009/03/14 21:25:42 | 00,014,093 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Magnolia_[mininova].torrent

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\Nosferatu.sub:SummaryInformation
< End of report >

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:25 PM

Posted 11 April 2009 - 08:48 PM

Hello.

Seems it's only the hosts from the Lop scan and the OTListIT2 scan.

First thing is first. Cracks and Keygenes....

Posted ImageCracks and Key Generators Warning

I see files related to cracks and keygene, this means You have used cracks or key generators.

You should know that use of these is considered illegal activity, as it bypasses copyright laws.

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a sm?rg?sbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

Merely visiting such sites without downloading ANYTHING is one of the worst things a user can do online. They are illegal. Cracked software is notorious for carrying malware/infections. How do you think these people make their money... they aren't really giving you this software out of the goodness of their hearts.

Antivirus programs cannot protect you against what you are deliberately running. Those programs WILL be removed if you do not remove it yourself.

The HJT Teams will have 0 tolerance of members that continue to reinfect their system from use of such programs.

C:\DOCUME~1\Owner\My Documents\++Demonoid.com++-[PC]_Silent_Hill_4_The_Room_Crack_English_[ISO]_5259930.9226.torrent
C:\DOCUME~1\Owner\My Documents\Final Crack
C:\DOCUME~1\Owner\My Documents\Final Draft 7.0 with crack.zip
C:\DOCUME~1\Owner\My Documents\keygen.nfo
C:\DOCUME~1\Owner\My Documents\[isoHunt] The[1].Elder.Scrolls.IV.Oblivion NoDVD Crack.torrent
C:\DOCUME~1\Owner\My Documents\[isoHunt]_Microsoft_Office_2007_with_crack_[smaragdtorrent.to].torrent
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\.DS_Store
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\Keygen - Final Draft 7.exe
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\Readme - CM.txt
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX\Final Draft 7 [K]
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX\Final Draft 7 [K]\._.DS_Store



Run Lop S&D using Option 2

Download Lop S&D by Eric_71 and save it to your desktop again if you have lost your copy..

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes..
  • When it's done scanning, you may receive another notice. Click OK if prompted.
  • Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
  • If you receive no notice, click on the Scan button near the bottom.
  • It will start scanning again like before.
  • When it is done, Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.If GMER doesn't work in Normal Mode try running it in Safe Mode
Note: Do Not run any program while GMER is running

Important!:Please do not select the Show all checkbox during the scan.

Post back with:
-LopR log
-GMER log

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 marco d

marco d
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 11 April 2009 - 10:00 PM

Done and done:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core™2 CPU 6400 @ 2.13GHz )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.557 7.5.557 (Not Activated)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:77 Go)
D:\ (Local Disk) - NTFS - Total:232 Go (Free:230 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - UDF - Total:5 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Sat 04/11/2009|22:29 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\Owner\Cookies\owner@adultfriendfinder[2].txt
Deleted! - C:\DOCUME~1\Owner\Cookies\owner@ero-advertising[1].txt
Deleted! - C:\DOCUME~1\Owner\Cookies\owner@adopt.euroclick[1].txt
Deleted! - C:\DOCUME~1\Owner\Cookies\owner@adopt.euroclick[3].txt
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Close upload noun internet
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[03/09/2008|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/07/2006|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 XPack Trial
[01/13/2007|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[11/14/2006|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[02/10/2009|04:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[01/29/2009|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg7
[09/26/2006|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Borland
[09/29/2006|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[10/02/2006|06:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[01/31/2006|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[02/19/2009|06:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fallout3
[10/21/2006|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Final Draft
[08/08/2007|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> grim math seek close
[09/20/2007|06:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[09/26/2006|05:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[06/15/2008|01:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/11/2009|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/02/2009|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/11/2009|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[02/16/2009|01:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[03/16/2008|02:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[02/05/2009|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> vsosdk
[01/31/2006|11:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[02/22/2008|08:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/30/2006|06:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[09/20/2007|06:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AVG7
[09/20/2007|06:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/20/2007|06:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[03/09/2008|10:45] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[11/01/2006|02:23] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[11/14/2006|07:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[02/10/2009|04:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ATI
[04/02/2009|11:18] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AVG7
[08/13/2008|10:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[10/02/2007|11:21] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Codemasters
[05/28/2007|12:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Corel
[12/27/2007|02:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DivX
[10/21/2006|01:37] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Final Draft
[02/21/2007|05:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[04/11/2009|09:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Hamachi
[01/31/2006|03:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[01/30/2006|06:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[10/02/2007|11:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InstallShield
[01/30/2006|06:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> InterTrust
[03/24/2007|05:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[09/28/2006|10:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech
[01/31/2006|01:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[04/11/2009|07:59] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[04/02/2009|03:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[07/01/2007|05:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> NeroDCTemplates
[04/02/2009|03:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> RegistryDefense
[09/29/2006|06:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SecuROM
[01/30/2006|06:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[06/06/2008|03:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[04/10/2009|05:00] C:\DOCUME~1\Owner\APPLIC~1\<DIR> uTorrent
[11/11/2007|04:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[04/08/2009|10:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Vso
[02/22/2008|08:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Windows Live Writer

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/22/2009 01:36 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/11/2009 09:03 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/13/2007|05:45] C:\Program Files\<DIR> AC3Filter
[07/02/2008|02:11] C:\Program Files\<DIR> Adobe
[10/02/2007|11:01] C:\Program Files\<DIR> AGEIA Technologies
[01/13/2007|01:48] C:\Program Files\<DIR> Ahead
[04/02/2009|04:33] C:\Program Files\<DIR> AML Products
[05/23/2008|02:38] C:\Program Files\<DIR> ANI
[12/17/2006|02:37] C:\Program Files\<DIR> Apple Software Update
[02/11/2009|01:01] C:\Program Files\<DIR> ATI
[02/10/2009|04:01] C:\Program Files\<DIR> ATI Technologies
[03/14/2008|12:58] C:\Program Files\<DIR> Audacity
[11/28/2008|04:59] C:\Program Files\<DIR> Audio Visualizations
[02/19/2009|06:27] C:\Program Files\<DIR> Bethesda Softworks
[09/29/2006|10:57] C:\Program Files\<DIR> Canon
[02/04/2009|01:10] C:\Program Files\<DIR> Cisco Systems
[02/18/2009|01:20] C:\Program Files\<DIR> Common Files
[01/30/2006|05:59] C:\Program Files\<DIR> ComPlus Applications
[12/02/2006|12:52] C:\Program Files\<DIR> Creative
[01/31/2006|11:29] C:\Program Files\<DIR> CyberLink
[01/31/2006|11:29] C:\Program Files\<DIR> CyberLink DVD Solution
[10/05/2006|10:07] C:\Program Files\<DIR> DAEMON Tools
[08/14/2008|03:07] C:\Program Files\<DIR> DivX
[05/23/2008|02:37] C:\Program Files\<DIR> D-Link
[08/28/2007|04:11] C:\Program Files\<DIR> dvdSanta
[03/06/2007|12:12] C:\Program Files\<DIR> EA GAMES
[01/31/2006|12:40] C:\Program Files\<DIR> Encarta
[11/07/2008|05:23] C:\Program Files\<DIR> File Scanner Library (Spybot - Search & Destroy)
[10/21/2006|01:40] C:\Program Files\<DIR> Final Draft 7
[10/21/2006|01:36] C:\Program Files\<DIR> Final Draft Tagger
[02/21/2007|05:07] C:\Program Files\<DIR> Google
[09/20/2007|06:08] C:\Program Files\<DIR> Grisoft
[09/07/2008|04:36] C:\Program Files\<DIR> Hamachi
[02/19/2009|06:27] C:\Program Files\<DIR> InstallShield Installation Information
[01/31/2006|03:33] C:\Program Files\<DIR> Intel
[10/02/2006|05:37] C:\Program Files\<DIR> Intel Audio Studio
[01/31/2006|04:44] C:\Program Files\<DIR> Intel Desktop Board
[04/05/2009|05:10] C:\Program Files\<DIR> Internet Explorer
[03/22/2009|11:11] C:\Program Files\<DIR> Java
[07/24/2008|03:27] C:\Program Files\<DIR> Konami
[06/15/2008|01:15] C:\Program Files\<DIR> Lavasoft
[04/11/2009|07:59] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/14/2008|07:02] C:\Program Files\<DIR> Messenger
[02/18/2009|01:29] C:\Program Files\<DIR> Microsoft
[01/31/2006|12:40] C:\Program Files\<DIR> Microsoft Digital Image 2006
[01/30/2006|06:06] C:\Program Files\<DIR> microsoft frontpage
[09/07/2008|06:25] C:\Program Files\<DIR> Microsoft Games
[02/19/2009|06:53] C:\Program Files\<DIR> Microsoft Games for Windows - LIVE
[01/31/2006|01:45] C:\Program Files\<DIR> Microsoft IntelliType Pro
[01/31/2006|01:44] C:\Program Files\<DIR> Microsoft IntelliType Pro 5.5
[01/31/2006|12:43] C:\Program Files\<DIR> Microsoft Location Finder
[01/31/2006|12:38] C:\Program Files\<DIR> microsoft money 2006
[11/26/2008|12:07] C:\Program Files\<DIR> Microsoft Office
[01/31/2006|12:43] C:\Program Files\<DIR> Microsoft Streets and Trips Essentials
[11/26/2008|12:07] C:\Program Files\<DIR> Microsoft Visual Studio
[11/26/2008|12:01] C:\Program Files\<DIR> Microsoft Visual Studio 8
[11/26/2008|12:09] C:\Program Files\<DIR> Microsoft Works
[01/31/2006|12:33] C:\Program Files\<DIR> Microsoft Works Suite 2006
[11/26/2008|12:05] C:\Program Files\<DIR> Microsoft.NET
[05/22/2008|01:57] C:\Program Files\<DIR> Movie Maker
[02/19/2009|06:25] C:\Program Files\<DIR> MSBuild
[04/21/2008|11:21] C:\Program Files\<DIR> MSN
[01/30/2006|05:55] C:\Program Files\<DIR> MSN Gaming Zone
[01/30/2006|06:20] C:\Program Files\<DIR> MSXML 4.0
[10/30/2006|09:46] C:\Program Files\<DIR> Nero
[05/22/2008|01:54] C:\Program Files\<DIR> NetMeeting
[01/30/2006|05:59] C:\Program Files\<DIR> Online Services
[05/22/2008|01:54] C:\Program Files\<DIR> Outlook Express
[12/06/2006|09:51] C:\Program Files\<DIR> QuickTime
[02/19/2009|06:23] C:\Program Files\<DIR> Reference Assemblies
[06/15/2008|12:41] C:\Program Files\<DIR> Resident Evil 4
[11/07/2008|05:23] C:\Program Files\<DIR> SDHelper (Spybot - Search & Destroy)
[01/30/2006|06:25] C:\Program Files\<DIR> SigmaTel
[01/30/2006|06:29] C:\Program Files\<DIR> Silicon Image
[01/28/2009|06:01] C:\Program Files\<DIR> SPSS Student
[04/11/2009|12:40] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/07/2008|05:23] C:\Program Files\<DIR> TeaTimer (Spybot - Search & Destroy)
[02/08/2009|02:30] C:\Program Files\<DIR> TOD 012009
[05/10/2008|01:41] C:\Program Files\<DIR> Trend Micro
[12/01/2006|11:31] C:\Program Files\<DIR> Ubisoft
[01/30/2006|06:14] C:\Program Files\<DIR> Uninstall Information
[08/30/2008|12:32] C:\Program Files\<DIR> uTorrent
[11/11/2007|04:49] C:\Program Files\<DIR> VideoLAN
[09/28/2006|10:19] C:\Program Files\<DIR> viewsonic
[08/28/2007|02:17] C:\Program Files\<DIR> VSO
[04/10/2007|11:40] C:\Program Files\<DIR> Windows Journal Viewer
[02/18/2009|01:30] C:\Program Files\<DIR> Windows Live
[04/05/2009|07:39] C:\Program Files\<DIR> Windows Live Safety Center
[02/18/2009|01:29] C:\Program Files\<DIR> Windows Live SkyDrive
[12/19/2006|10:08] C:\Program Files\<DIR> Windows Media Connect 2
[12/19/2006|10:08] C:\Program Files\<DIR> Windows Media Player
[05/22/2008|01:54] C:\Program Files\<DIR> Windows NT
[01/30/2006|05:59] C:\Program Files\<DIR> Windows Plus
[01/30/2006|06:04] C:\Program Files\<DIR> WindowsUpdate
[10/06/2006|10:57] C:\Program Files\<DIR> WinRAR
[09/26/2006|05:44] C:\Program Files\<DIR> WordPerfect Office X3
[01/30/2006|06:06] C:\Program Files\<DIR> xerox
[08/29/2007|03:09] C:\Program Files\<DIR> Xvid
[01/02/2007|04:28] C:\Program Files\<DIR> ZA-QR7
[02/08/2009|02:30] C:\Program Files\<DIR> Zero G Registry

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/09/2008|10:33] C:\Program Files\Common Files\<DIR> Adobe
[01/13/2007|01:45] C:\Program Files\Common Files\<DIR> Ahead
[09/26/2006|05:43] C:\Program Files\Common Files\<DIR> Borland Shared
[09/26/2006|05:43] C:\Program Files\Common Files\<DIR> Corel
[11/26/2008|12:07] C:\Program Files\Common Files\<DIR> DESIGNER
[02/04/2009|01:11] C:\Program Files\Common Files\<DIR> Deterministic Networks
[01/31/2006|12:59] C:\Program Files\Common Files\<DIR> InstallShield
[01/30/2006|06:29] C:\Program Files\Common Files\<DIR> Java
[01/13/2007|01:48] C:\Program Files\Common Files\<DIR> LightScribe
[02/18/2009|01:29] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/30/2006|06:03] C:\Program Files\Common Files\<DIR> MSSoap
[01/13/2007|01:46] C:\Program Files\Common Files\<DIR> Nero
[01/31/2006|01:43] C:\Program Files\Common Files\<DIR> ODBC
[01/30/2006|06:03] C:\Program Files\Common Files\<DIR> Services
[01/31/2006|01:43] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/26/2008|12:14] C:\Program Files\Common Files\<DIR> System
[02/18/2009|01:20] C:\Program Files\Common Files\<DIR> Windows Live
[02/22/2008|08:47] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[06/15/2008|01:14] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 51 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 22:29:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 280

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\My Documents\++Demonoid.com++-[PC]_Silent_Hill_4_The_Room_Crack_English_[ISO]_5259930.9226.torrent
C:\DOCUME~1\Owner\My Documents\Final Crack
C:\DOCUME~1\Owner\My Documents\Final Draft 7.0 with crack.zip
C:\DOCUME~1\Owner\My Documents\keygen.nfo
C:\DOCUME~1\Owner\My Documents\[isoHunt] The[1].Elder.Scrolls.IV.Oblivion NoDVD Crack.torrent
C:\DOCUME~1\Owner\My Documents\[isoHunt]_Microsoft_Office_2007_with_crack_[smaragdtorrent.to].torrent
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\.DS_Store
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\Keygen - Final Draft 7.exe
C:\DOCUME~1\Owner\My Documents\Final Crack\Final Draft 7 [K]\Readme - CM.txt
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX\Final Draft 7 [K]
C:\DOCUME~1\Owner\My Documents\Final Crack\__MACOSX\Final Draft 7 [K]\._.DS_Store
C:\DOCUME~1\Owner\Recent\Final Draft 7.0 with crack.lnk


[F:191][D:46]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:661][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:542][D:7]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 04/11/2009|21:17 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sat 04/11/2009|22:30 - Option : [2]

--------------------\\ Scan completed at 22:30:51

#8 marco d

marco d
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 11 April 2009 - 10:02 PM

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-04-11 22:53:37
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2E45 805046E1 3 Bytes [ C1, ED, B9 ]
.text ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 7C90D160 5 Bytes JMP 72033FC8

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8A6D0788
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8A6D0788
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 89F79EB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 89F79EB0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 89F79EB0
Device \Driver\00000110 \Device\00000050 IRP_MJ_POWER [B9EE2F68] sptd.sys
Device \Driver\00000110 \Device\00000050 IRP_MJ_SYSTEM_CONTROL [B9EF7A70] sptd.sys
Device \Driver\00000110 \Device\00000050 IRP_MJ_PNP [B9EF0728] sptd.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8A6D00E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8A6D00E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F7BFEBA6-9C26-42B7-AA09-7E1D74F6DAC4} IRP_MJ_CREATE 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{F7BFEBA6-9C26-42B7-AA09-7E1D74F6DAC4} IRP_MJ_CLOSE 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{F7BFEBA6-9C26-42B7-AA09-7E1D74F6DAC4} IRP_MJ_DEVICE_CONTROL 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{F7BFEBA6-9C26-42B7-AA09-7E1D74F6DAC4} IRP_MJ_INTERNAL_DEVICE_CONTROL 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{F7BFEBA6-9C26-42B7-AA09-7E1D74F6DAC4} IRP_MJ_CLEANUP 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{F7BFEBA6-9C26-42B7-AA09-7E1D74F6DAC4} IRP_MJ_PNP 89FB9C38
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 8A683550
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 8A683550
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 89FB4EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 89FB4EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8A18C910
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8A18C910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8A18C910
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 89FB9C38
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 89FB9C38
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 89FB9C38
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 89FB9C38
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 89FB9C38
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 89FB9C38
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 89FB9C38
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 89FB9C38
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 89FB9C38
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 89FB9C38
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 89FB9C38
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 89FB9C38
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8A6D0A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 8A6D0A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 8A6D0A40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 89FA3EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 89FA3EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 89FDAEB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 89FDAEB0
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 8A683550
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 8A683550
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 89FCDC10
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 89FCDC10
Device \Driver\NetBT \Device\NetBT_Tcpip_{85C3B1A8-040D-4729-A41E-DF7B7D280D2C} IRP_MJ_CREATE 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{85C3B1A8-040D-4729-A41E-DF7B7D280D2C} IRP_MJ_CLOSE 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{85C3B1A8-040D-4729-A41E-DF7B7D280D2C} IRP_MJ_DEVICE_CONTROL 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{85C3B1A8-040D-4729-A41E-DF7B7D280D2C} IRP_MJ_INTERNAL_DEVICE_CONTROL 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{85C3B1A8-040D-4729-A41E-DF7B7D280D2C} IRP_MJ_CLEANUP 89FB9C38
Device \Driver\NetBT \Device\NetBT_Tcpip_{85C3B1A8-040D-4729-A41E-DF7B7D280D2C} IRP_MJ_PNP 89FB9C38
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 IRP_MJ_CREATE 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 IRP_MJ_CLOSE 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 IRP_MJ_DEVICE_CONTROL 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 IRP_MJ_POWER 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 IRP_MJ_SYSTEM_CONTROL 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51 IRP_MJ_PNP 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path3Target1fLun0 IRP_MJ_CREATE 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path3Target1fLun0 IRP_MJ_CLOSE 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path3Target1fLun0 IRP_MJ_DEVICE_CONTROL 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path3Target1fLun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path3Target1fLun0 IRP_MJ_POWER 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path3Target1fLun0 IRP_MJ_SYSTEM_CONTROL 8A6D0C78
Device \Driver\Si3114r5 \Device\Scsi\Si3114r51Port3Path3Target1fLun0 IRP_MJ_PNP 8A6D0C78
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_CLOSE 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_POWER 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_PNP 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 8A16A0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 8A16A0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 89F8CCA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 89F8CCA8



The rest of the GMER scan:


---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1809067083-1574323382-3987669112-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xA0 0x6D 0x7D 0x38 ...
Reg \Registry\USER\S-1-5-21-1809067083-1574323382-3987669112-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xAA 0xC7 0x08 0x29 ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Owner\Favorites\2RA3E - Research Design & Statistics for Behavioural Science.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\2RB3E - Research Design & Statistics for Behavioural Science.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\3T03E - Behavioural Ecology Department of Psychology, Neu.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\911Tabs.Com - External Link.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\AOE3 Forums - The SEAR.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\AOM and AOT Error connecting to ESO stats server - Age of Mythology Heaven Forum.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Awkward.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\BIOONE Online Journals - THE ROLES OF NATURAL AND SEXUAL SELECTION DURING ADAPTATION TO A NOVEL ENVIRONMENT.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Black20 Trailer Park 300 - PG Version video.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Blame Halo 3 Video.url:favicon
ADS C:\Documents and Settings\Owner\Favorites\Bob Meets the Beatles - CollegeHumor video.url:favicon
ADS ...
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\01\10-{3F033759-CC12-2268-A858-F90B098B3FE6}-v1-{7489714A-3FBE-4E55-BEBD-0CE9FED86594}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\14\14-{F20AAFA1-96C5-4712-831D-7017DA574034}-v14-{F20AAFA1-96C5-4712-831D-7017DA574034}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\15\15-{F20AAFA1-96C5-4712-831D-7017DA574034}-v15-{F20AAFA1-96C5-4712-831D-7017DA574034}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\16\16-{F20AAFA1-96C5-4712-831D-7017DA574034}-v16-{F20AAFA1-96C5-4712-831D-7017DA574034}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\17\17-{F20AAFA1-96C5-4712-831D-7017DA574034}-v17-{F20AAFA1-96C5-4712-831D-7017DA574034}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\18\18-{F20AAFA1-96C5-4712-831D-7017DA574034}-v18-{F20AAFA1-96C5-4712-831D-7017DA574034}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\19\19-{F20AAFA1-96C5-4712-831D-7017DA574034}-v19-{F20AAFA1-96C5-4712-831D-7017DA574034}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\20\20-{F20AAFA1-96C5-4712-831D-7017DA574034}-v20-{F20AAFA1-96C5-4712-831D-7017DA574034}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\21\21-{F20AAFA1-96C5-4712-831D-7017DA574034}-v21-{F20AAFA1-96C5-4712-831D-7017DA574034}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\22\22-{F20AAFA1-96C5-4712-831D-7017DA574034}-v22-{F20AAFA1-96C5-4712-831D-7017DA574034}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\23\23-{F20AAFA1-96C5-4712-831D-7017DA574034}-v23-{F20AAFA1-96C5-4712-831D-7017DA574034}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\24\24-{F20AAFA1-96C5-4712-831D-7017DA574034}-v24-{F20AAFA1-96C5-4712-831D-7017DA574034}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\25\25-{F20AAFA1-96C5-4712-831D-7017DA574034}-v25-{F20AAFA1-96C5-4712-831D-7017DA574034}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\26\26-{F20AAFA1-96C5-4712-831D-7017DA574034}-v26-{F20AAFA1-96C5-4712-831D-7017DA574034}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\27\27-{F20AAFA1-96C5-4712-831D-7017DA574034}-v27-{F20AAFA1-96C5-4712-831D-7017DA574034}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\metal_head717@hotmail.com\SharingMetadata\strange_brew08@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\28\28-{F20AAFA1-96C5-4712-831D-7017DA574034}-v28-{F20AAFA1-96C5-4712-831D-7017DA574034}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\00\100-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v100-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v100-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\01\101-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v101-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v101-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\01\91-{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}-v1-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v91-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\02\102-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v102-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v102-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\03\103-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v103-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v103-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\04\104-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v104-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v104-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\05\105-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v105-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v105-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\06\106-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v106-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v106-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\07\107-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v107-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v107-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\08\108-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v108-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v108-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\88\88-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v88-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v88-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\94\94-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v94-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\95\95-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v95-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\95\95-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v95-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\95\95-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v95-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\95\95-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v95-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\96\96-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v96-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v96-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\97\97-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v97-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v97-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\98\98-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v98-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\acarbonara88@gmail.com\DFSR\Staging\CS{01F2CA5B-DCB7-B15B-97D8-85EB7379FC45}\99\99-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v99-{B8D345C9-2C00-44A1-B064-514FAE233BF5}-v99-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\00\1200-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1200-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1200-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\00\1200-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1200-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1200-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\00\1200-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1200-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1200-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\01\1201-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1201-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1201-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\01\1201-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1201-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1201-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\01\1201-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1201-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1201-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\01\22-{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}-v1-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\02\1202-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1202-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1202-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\02\1202-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1202-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1202-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\02\1202-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1202-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1202-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\03\1203-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1203-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1203-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\03\1203-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1203-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1203-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\03\1203-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1203-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1203-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\04\1204-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1204-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1204-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\04\1204-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1204-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1204-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\04\1204-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1204-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1204-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\05\1205-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1205-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1205-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\05\1205-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1205-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1205-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\05\1205-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1205-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1205-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\06\1206-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1206-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1206-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\06\1206-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1206-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1206-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\06\1206-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1206-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1206-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\14\314-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v314-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\14\314-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v314-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\14\314-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v314-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\14\314-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v314-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\27\327-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v327-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v327-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\28\1218-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v328-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1218-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\28\1218-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v328-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1218-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\28\1218-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v328-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1218-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\90\990-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v990-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v990-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\90\990-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v990-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v990-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\90\990-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v990-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v990-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\1091-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1091-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1091-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\1091-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1091-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1091-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\1091-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1091-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1091-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\191-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v191-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v191-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\291-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v291-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v291-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\91-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v91-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v91-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\991-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v991-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v991-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\991-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v991-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v991-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\91\991-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v991-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v991-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\92\1092-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1092-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1092-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\92\1092-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1092-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1092-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\92\1092-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1092-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1092-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\92\292-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v292-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v292-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\92\92-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v92-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v92-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\93\1093-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1093-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1093-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\93\1093-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1093-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1093-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\93\1093-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1093-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1093-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\93\293-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v293-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v293-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\93\93-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v93-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v93-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\94\1094-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1094-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1094-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\94\1094-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1094-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1094-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\94\1094-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1094-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1094-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\94\294-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v294-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v294-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\94\694-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v694-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v694-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\94\94-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v94-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v94-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\95\1095-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1095-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1095-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\95\1095-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1095-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1095-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\95\1095-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1095-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1095-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\95\295-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v295-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\95\695-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v695-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v695-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\95\695-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v695-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v695-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\95\695-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v695-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v695-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\95\95-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v95-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v95-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\96\1096-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1096-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1096-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\96\1096-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1096-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1096-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\96\1096-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1096-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1096-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\96\296-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v296-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v296-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\96\696-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v696-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v696-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\96\696-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v696-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v696-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\96\696-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v696-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v696-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\96\96-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v96-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v96-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\1097-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1097-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1097-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\1097-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1097-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1097-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\1097-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1097-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1097-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\1197-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1197-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1197-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\297-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v297-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v297-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\697-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v697-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v697-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\697-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v697-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v697-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\697-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v697-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v697-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\97\97-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v97-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v97-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\1098-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1098-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1098-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\1098-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1098-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1098-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\1098-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1098-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1098-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\1198-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1198-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1198-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\1198-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1198-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1198-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\1198-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1198-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1198-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\298-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v298-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v298-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\698-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v698-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v698-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\698-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v698-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v698-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\698-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v698-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v698-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\98\98-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v98-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v98-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\1099-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1099-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1099-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\1099-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1099-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1099-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\1099-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1099-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1099-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\1199-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1199-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1199-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\1199-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1199-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1199-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\1199-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1199-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1199-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\299-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v299-{E1B8AEBC-5739-489A-826F-28A4ADDC4E94}-v299-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\699-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v699-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v699-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\699-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v699-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v699-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\conspiracy_2001@hotmail.com\DFSR\Staging\CS{FFAA6B17-8A1F-4FF6-2687-C6C0433AF132}\99\699-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v699-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v699-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\01\12-{2CCF852A-C4A0-27EE-40FB-AA00703A007B}-v1-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\03\1586-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3303-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1586-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\04\1587-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3304-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1587-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\05\3317-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3305-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3317-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\06\3318-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3306-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3318-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\07\3319-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3307-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3319-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\08\3320-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3308-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3320-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\09\3321-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3309-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3321-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\22\3330-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3322-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3330-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\23\3331-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3323-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3331-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\24\3332-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3324-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3332-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\25\25-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v25-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\25\3333-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3325-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3333-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\26\26-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v26-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\26\26-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v26-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\26\26-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v26-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\26\3334-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3326-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3334-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\27\27-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v27-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\27\27-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v27-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\27\27-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v27-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\27\3335-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3327-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3335-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\28\28-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v28-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\28\28-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v28-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\28\28-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v28-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\28\3336-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3328-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3336-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\29\29-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v29-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\29\29-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v29-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\29\29-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v29-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\29\3337-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3329-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3337-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\30\30-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v30-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\30\30-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v30-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\30\30-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v30-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\31\31-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v31-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\31\31-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v31-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\31\31-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v31-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\32\32-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v32-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\32\32-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v32-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\32\32-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v32-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\33\33-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v33-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\33\33-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v33-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\33\33-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v33-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\34\34-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v34-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\34\34-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v34-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\34\34-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v34-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\35\35-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v35-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\35\35-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v35-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\35\35-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v35-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\36\36-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v36-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\36\36-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v36-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\36\36-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v36-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\37\37-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v37-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\37\37-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v37-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\37\37-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v37-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\38\38-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v38-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\38\38-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v38-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\38\38-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v38-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\41\3341-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3341-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3341-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\42\3342-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3342-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3342-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\43\3343-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3343-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3343-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\44\3344-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3344-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3344-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\45\3345-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3345-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3345-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\46\3346-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3346-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3346-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\47\3347-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3347-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3347-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\48\3348-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3348-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3348-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\49\3349-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3349-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3349-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\90\3190-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3190-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3190-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\91\1534-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3191-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1534-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\91\1534-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3191-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1534-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\91\1534-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3191-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1534-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\92\3206-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3192-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3206-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\93\3207-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3193-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3207-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\93\3293-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3293-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3293-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\94\1574-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3294-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1574-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\94\1574-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3294-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1574-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\94\1574-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3294-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1574-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\94\3208-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3194-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3208-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\95\1295-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1295-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\95\1295-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1295-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\95\1295-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1295-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\95\1295-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1295-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\95\3209-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3195-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3209-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\95\3295-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3295-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\96\1296-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1296-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1296-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\96\1296-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1296-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1296-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\96\1296-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1296-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1296-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\96\3210-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3196-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3210-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\96\3296-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3296-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3296-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\97\1297-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1297-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1297-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\97\1297-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1297-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1297-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\97\1297-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1297-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v1297-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\97\3211-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3197-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3211-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\97\3297-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3297-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3297-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\2811-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2798-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2811-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\2811-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2798-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2811-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\2811-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2798-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2811-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\3212-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3198-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3212-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\3298-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3298-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3298-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\598-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v598-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v598-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\598-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v598-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v598-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\598-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v598-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v598-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\898-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v898-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v898-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\898-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v898-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v898-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\898-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v898-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v898-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\998-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v998-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v998-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\998-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v998-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v998-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\98\998-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v998-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v998-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\1999-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v1999-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v1999-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\2812-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2799-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2812-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\2812-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2799-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2812-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\2812-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2799-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v2812-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\3213-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3199-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3213-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\3299-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3299-{3E04F8F9-0BA4-4680-B6E8-C245B940EC0F}-v3299-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\599-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v599-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v599-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\599-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v599-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v599-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\599-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v599-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v599-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\899-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v899-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v899-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\999-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v999-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v999-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\999-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v999-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v999-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\dimassimo01@hotmail.com\DFSR\Staging\CS{2CCF852A-C4A0-27EE-40FB-AA00703A007B}\99\999-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v999-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v999-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\label_boy41@hotmail.com\DFSR\Staging\CS{87B53B93-8931-2D17-18F8-BB0E626175F3}\01\11-{87B53B93-8931-2D17-18F8-BB0E626175F3}-v1-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\label_boy41@hotmail.com\DFSR\Staging\CS{87B53B93-8931-2D17-18F8-BB0E626175F3}\21\21-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v21-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\label_boy41@hotmail.com\DFSR\Staging\CS{87B53B93-8931-2D17-18F8-BB0E626175F3}\21\21-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v21-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\label_boy41@hotmail.com\DFSR\Staging\CS{87B53B93-8931-2D17-18F8-BB0E626175F3}\21\21-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v21-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\label_boy41@hotmail.com\DFSR\Staging\CS{87B53B93-8931-2D17-18F8-BB0E626175F3}\22\22-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v22-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\label_boy41@hotmail.com\DFSR\Staging\CS{87B53B93-8931-2D17-18F8-BB0E626175F3}\22\22-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v22-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\maple_leafs_r2@hotmail.com\DFSR\Staging\CS{1C7B3F52-19B1-44C3-0B22-596D8927C758}\01\14-{1C7B3F52-19B1-44C3-0B22-596D8927C758}-v1-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\metal_head717@hotmail.com\DFSR\Staging\CS{3F033759-CC12-2268-A858-F90B098B3FE6}\01\10-{3F033759-CC12-2268-A858-F90B098B3FE6}-v1-{DFF97600-7BB0-4E9F-85CD-6DA0FC1BF4FD}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\01\16-{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}-v1-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\11\11-{88F3D338-4374-4017-937A-9E57D7A4EBA1}-v11-{88F3D338-4374-4017-937A-9E57D7A4EBA1}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\12\12-{88F3D338-4374-4017-937A-9E57D7A4EBA1}-v12-{88F3D338-4374-4017-937A-9E57D7A4EBA1}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\13\13-{88F3D338-4374-4017-937A-9E57D7A4EBA1}-v13-{88F3D338-4374-4017-937A-9E57D7A4EBA1}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\14\14-{88F3D338-4374-4017-937A-9E57D7A4EBA1}-v14-{88F3D338-4374-4017-937A-9E57D7A4EBA1}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\17\17-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v17-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\17\17-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v17-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\18\18-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v18-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\18\18-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v18-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\19\19-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v19-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\19\19-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v19-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\20\20-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v20-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\strange_brew08@hotmail.com\SharingMetadata\ronaldo_soccer9@hotmail.com\DFSR\Staging\CS{A6C9BC8F-8210-1028-E9D5-8F09CFE803FB}\20\20-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v20-{076226B9-A81A-4E48-8B8A-E817E038C8B3}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:25 PM

Posted 12 April 2009 - 10:05 AM

Hello.

Please remove those Cracks and Keygen related files now that were detected by Lop S&D!


Update Java to Version 6 Update 12

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky WebScanner
    page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with:
-Did you remove those cracks related files?
-Kaspersky log
-New OTListIT log

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 marco d

marco d
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 12 April 2009 - 10:58 PM

Hi

I removed crack related files, installed JRE 6 Update 13, and here's kaspersky log (it found 2 infections) and OTlist log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, April 12, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, April 13, 2009 00:28:04
Records in database: 2039040
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 116960
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:53:36


File name / Threat name / Threats count
C:\Documents and Settings\Owner\My Documents\BitGrabber-4.2.0.0-setup-0210.exe Infected: not-a-virus:AdWare.Win32.Lop.bo 1
C:\Documents and Settings\Owner\My Documents\BitGrabber-4.2.0.0-setup-0210.exe Infected: Trojan.Win32.Obfuscated.en 1

The selected area was scanned.




OTListIt logfile created on: 4/12/2009 11:52:38 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.12% Memory free
3.85 Gb Paging File | 3.03 Gb Available in Paging File | 78.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 77.74 Gb Free Space | 33.38% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 230.09 Gb Free Space | 98.80% Space Free | Partition Type: NTFS
Drive E: | 464.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARCO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/06/15 13:15:32 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2003/12/08 18:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2005/12/04 17:38:58 | 00,437,008 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/12/10 10:57:19 | 00,133,016 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/12/06 21:51:39 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2009/02/24 13:42:55 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
PRC - [2007/10/24 14:31:15 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
PRC - [2005/08/24 19:25:00 | 00,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe
PRC - [2009/02/06 19:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
PRC - [2007/09/20 18:08:59 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
PRC - [2007/07/16 12:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/09/10 22:56:24 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2008/09/07 16:35:57 | 00,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/01/20 12:20:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/12/12 16:32:32 | 00,053,248 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2009/04/12 19:16:58 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/19 01:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2009/04/12 19:16:57 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/04/12 19:40:06 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Owner\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe
PRC - [2009/04/12 19:40:06 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Owner\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe
PRC - [2009/04/11 20:12:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/15 13:15:32 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2004/10/22 13:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2007/10/24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/01/14 00:34:00 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/01/13 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2007/10/24 14:31:15 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
SRV - [2007/09/20 18:08:59 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
SRV - [2007/10/24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/07/16 12:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/10/20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/01/20 12:20:00 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/10/30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/12/12 16:32:32 | 00,053,248 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\Stacsv.exe -- (STacSV [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2009/04/12 19:16:58 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/05/23 04:15:00 | 00,547,744 | ---- | M] (D-Link Corporation) -- C:\WINDOWS\system32\DRIVERS\A3AB.sys -- (A3AB [On_Demand | Running])
DRV - [2004/07/27 11:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [System | Running])
DRV - [2009/01/14 03:14:01 | 03,455,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/10/24 14:31:10 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core [System | Running])
DRV - [2007/09/20 18:08:55 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
DRV - [2007/09/20 18:08:57 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
DRV - [2007/12/21 12:23:55 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean [System | Running])
DRV - [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2007/07/16 12:57:12 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2007/01/31 14:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2006/10/05 22:07:33 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2005/09/14 21:24:08 | 00,179,200 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2009/04/11 22:31:41 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [On_Demand | Stopped])
DRV - [2008/09/07 16:35:58 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/08/31 16:31:44 | 00,020,480 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2007/08/28 14:17:09 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/08/10 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/12 21:53:12 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/08/20 15:29:17 | 00,011,376 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/12/02 17:38:04 | 00,041,728 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
DRV - [2005/03/31 12:32:42 | 00,175,104 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5 [Boot | Running])
DRV - [2004/11/01 13:21:32 | 00,010,368 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter [Boot | Running])
DRV - [2006/10/05 22:04:57 | 00,643,072 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/12/12 16:32:54 | 01,083,576 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2005/01/26 10:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
IE - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\S-1-5-21-1809067083-1574323382-3987669112-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/12 19:17:00 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon (CANON INC.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" (Corel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=021506 serial=wo12wrx-0000043-sgj lang=EN File not found
O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized File not found
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html ()
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html ()
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html ()
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1809067083-1574323382-3987669112-1003\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/30 18:05:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 21:00:11 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/06/20 17:48:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/11 21:00:11 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2003/07/10 18:09:09 | 00,000,111 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/09/08 17:13:25 | 00,000,058 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6d782b58-54df-11db-8f0e-0015e932e228}\Shell - "" = AutoRun
O33 - MountPoints2\{6d782b58-54df-11db-8f0e-0015e932e228}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6d782b58-54df-11db-8f0e-0015e932e228}\Shell\AutoRun\command - "" = F:\FalloutLauncher.exe -- [2008/10/28 12:35:19 | 18,552,088 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{8e781ab6-4f21-11db-8efa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8e781ab6-4f21-11db-8efa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e781ab6-4f21-11db-8efa-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2003/09/02 16:33:27 | 00,860,229 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8e781ab6-4f21-11db-8efa-806d6172696f}\Shell\setup\command - "" = E:\setup.exe -- [2003/09/02 16:33:27 | 00,860,229 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e646e236-9219-11da-a518-806d6172696f}\Shell\AutoRun\command - "" = D:\EISetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[15 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/12 20:14:15 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\April 2009.xlr
[2009/04/12 19:02:48 | 16,283,032 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\jre-6u13-windows-i586-p.exe
[2009/04/11 22:31:41 | 00,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/04/11 22:31:41 | 00,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/04/11 22:31:41 | 00,068,961 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/04/11 22:31:41 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/04/11 22:31:41 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/04/11 22:31:36 | 00,573,440 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\gmer.exe
[2009/04/11 22:31:25 | 00,490,698 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\gmer.zip
[2009/04/11 21:13:31 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/11 21:08:01 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\LopSD.exe
[2009/04/11 21:00:11 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/04/11 20:59:19 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Flash_Disinfector.exe
[2009/04/11 20:12:03 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe
[2009/04/11 19:59:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/11 19:59:41 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/11 19:59:41 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/11 19:59:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/11 19:59:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/11 19:59:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/11 19:59:08 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2009/04/07 00:21:53 | 00,000,000 | ---D | C] -- C:\Errol Flynn - The Adventures of Robin Hood (1938) DVDrip (SiRiUs sHaRe)
[2009/04/06 23:40:12 | 00,000,000 | ---D | C] -- C:\A.Streetcar.Named.Desire.1951.464x336.25fps.739kbs.V4mp3.MultiSub.WunSeeDee
[2009/04/06 23:36:51 | 00,015,079 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\A_Streetcar_Named_Desire_1951_XviD_MultiSub_WunSeeDee_-++Demonoid.com++.torrent
[2009/04/06 23:34:55 | 00,000,000 | ---D | C] -- C:\Casablanca[1942]DvDrip[Eng]-FXG
[2009/04/06 23:33:27 | 00,224,876 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Casablanca[1942]DvDrip[Eng]_FXG-[]Demonoid.com[].torrent
[2009/04/06 23:32:09 | 00,029,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Errol_Flynn_The_Adventures_of_Robin_Hood_(1938)_DVDrip_(SiRiUs_sHaRe)-[Demonoid.com].torrent
[2009/04/05 16:56:18 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/04/05 16:25:26 | 00,502,752 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cfremover.exe
[2009/04/04 15:05:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/04 15:05:00 | 00,613,618 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\regnfile_01.exe
[2009/04/04 15:04:46 | 00,608,259 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\conficker_mem_killer.exe
[2009/04/02 17:18:15 | 00,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\Owner\My Documents\HijackThis.exe
[2009/04/02 17:04:44 | 00,648,560 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsXP-KB958644-x86-ENU.exe
[2009/04/02 17:02:12 | 01,288,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe
[2009/04/02 16:33:55 | 00,000,000 | ---D | C] -- C:\Program Files\AML Products
[2009/04/02 16:33:16 | 02,543,336 | ---- | C] (AML SOFTWARE ) -- C:\Documents and Settings\Owner\My Documents\regcleaner.exe
[2009/04/02 15:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RegistryDefense
[2009/04/02 15:52:36 | 01,847,824 | ---- | C] (Xionix Inc.) -- C:\Documents and Settings\Owner\My Documents\RegDefense.exe
[2009/04/02 15:29:32 | 04,915,600 | ---- | C] (F-Secure Corp.) -- C:\Documents and Settings\Owner\My Documents\f-downadup.exe
[2009/04/02 15:29:32 | 00,067,316 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\eult_eng.pdf
[2009/04/02 15:29:15 | 04,770,605 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\f-downadup.zip
[2009/04/02 12:43:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/02 11:49:23 | 00,000,167 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\plugins.htm
[2009/04/02 11:45:07 | 00,200,192 | ---- | C] (SC BitDefender , Romania) -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_gui.exe
[2009/04/02 11:45:07 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\libfn.dll
[2009/04/02 11:45:07 | 00,137,216 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_console.exe
[2009/04/02 11:45:07 | 00,102,400 | ---- | C] (BitDefender) -- C:\Documents and Settings\Owner\My Documents\bdcore.dll
[2009/04/02 11:45:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\plugins
[2009/04/02 11:44:43 | 02,402,613 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool.zip
[2009/03/31 23:02:26 | 00,029,883 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Telemarketer.fdr
[2009/03/26 18:09:10 | 00,000,000 | ---D | C] -- C:\Before The Devil Knows Your Dead 2007 DVDRip Xvid AC3-FLAWL3SS
[2009/03/26 18:06:09 | 00,014,780 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Before_The_Devil_Knows_Your_Dead_2007_DVDRip_Xvid_AC3_FLAWL3SS-((Demonoid.com))_5259930.9226.torrent
[2009/03/26 00:33:50 | 00,000,000 | ---D | C] -- C:\Once Upon A Time In America
[2009/03/26 00:30:49 | 00,014,886 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[[Demonoid.com]]-Once_Upon_A_Time_In_America_[1984_Eng_Fre_Dvdrip_x264_aac]_5259930.9226.torrent
[2009/03/25 18:58:39 | 00,009,441 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - His Band And The Street Choir.jpg
[2009/03/25 18:20:44 | 00,010,247 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - Moondance.jpg
[2009/03/25 18:06:42 | 00,079,507 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Van_Morrison-Discography-1968-2006_[mininova].torrent
[2009/03/22 12:24:22 | 00,037,332 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Magnolia[1999]DvDrip-TB.4193725.TPB_[mininova].torrent
[2009/03/21 21:43:01 | 00,084,717 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Man_on_the_moon_[mininova].torrent
[2009/03/20 19:13:40 | 57,591,705 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cfmupodcast.mp3
[2009/03/20 01:11:45 | 00,056,198 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Punch_Drunk_Love_[mininova].torrent
[2009/03/17 23:26:30 | 00,058,165 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt]_T-Rex-21_cd.torrent
[2009/03/17 02:22:22 | 00,012,588 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xltx
[2009/03/17 02:20:00 | 00,012,604 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xlsx
[2009/03/16 21:39:06 | 02,366,464 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\directionsupdated.doc
[2009/03/14 21:25:41 | 00,014,093 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Magnolia_[mininova].torrent
[2008/10/28 18:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/22 18:22:18 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/19 13:23:17 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/05/19 13:23:17 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/05/19 13:23:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/05/19 13:23:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2008/05/19 13:20:56 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/05/19 13:20:56 | 00,000,342 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/08/29 15:09:51 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/29 15:09:51 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/25 22:14:07 | 00,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/07/16 12:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 12:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/05/03 21:41:48 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/03/26 10:45:18 | 00,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/02/20 14:59:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 14:59:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/02/13 23:58:00 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/26 23:02:12 | 00,000,008 | RHS- | C] () -- C:\WINDOWS\System32\77F9021F98.sys
[2006/10/06 14:47:05 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/10/05 22:07:33 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/10/05 22:04:57 | 00,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/10/05 22:04:57 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd3133.sys
[2006/10/01 10:39:09 | 00,002,150 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/30 22:53:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/09/29 22:56:37 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2006/09/29 19:02:18 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/28 22:18:21 | 00,000,086 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/01/31 18:29:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/31 18:27:19 | 00,000,396 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/31 12:37:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 08:00:00 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 08:00:00 | 00,000,643 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[15 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[2009/04/12 21:04:56 | 00,041,862 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/04/12 21:04:55 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\April 2009.xlr
[2009/04/12 19:16:22 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 19:14:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/12 19:13:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/12 19:02:48 | 16,283,032 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jre-6u13-windows-i586-p.exe
[2009/04/12 00:41:52 | 01,579,274 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/11 22:33:44 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/04/11 22:31:41 | 00,565,311 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/04/11 22:31:41 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/04/11 22:31:41 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/04/11 22:31:31 | 00,490,698 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\gmer.zip
[2009/04/11 22:29:14 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/11 21:13:31 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\LopSD.exe
[2009/04/11 21:09:16 | 00,092,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/11 20:59:58 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Flash_Disinfector.exe
[2009/04/11 20:12:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTListIt2.exe
[2009/04/11 19:59:41 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/11 19:59:20 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup.exe
[2009/04/10 19:39:32 | 00,029,883 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Telemarketer.fdr
[2009/04/10 17:00:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 17:00:54 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/10 13:07:37 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090410-130857.backup
[2009/04/06 23:36:53 | 00,015,079 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\A_Streetcar_Named_Desire_1951_XviD_MultiSub_WunSeeDee_-++Demonoid.com++.torrent
[2009/04/06 23:33:30 | 00,224,876 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Casablanca[1942]DvDrip[Eng]_FXG-[]Demonoid.com[].torrent
[2009/04/06 23:32:11 | 00,029,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Errol_Flynn_The_Adventures_of_Robin_Hood_(1938)_DVDrip_(SiRiUs_sHaRe)-[Demonoid.com].torrent
[2009/04/06 22:57:55 | 00,570,866 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/06 22:57:55 | 00,475,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/06 22:57:55 | 00,084,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 19:42:50 | 00,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/05 17:13:13 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/04/05 17:13:13 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090410-130737.backup
[2009/04/05 16:25:30 | 00,502,752 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cfremover.exe
[2009/04/04 15:25:42 | 00,000,643 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/04 15:25:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/04 15:23:54 | 00,000,167 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\plugins.htm
[2009/04/04 15:05:06 | 00,613,618 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\regnfile_01.exe
[2009/04/04 15:04:52 | 00,608,259 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\conficker_mem_killer.exe
[2009/04/02 17:04:52 | 00,648,560 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsXP-KB958644-x86-ENU.exe
[2009/04/02 17:02:21 | 01,288,568 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\WindowsServer2003.WindowsXP-KB958644-x64-ENU.exe
[2009/04/02 16:33:19 | 02,543,336 | ---- | M] (AML SOFTWARE ) -- C:\Documents and Settings\Owner\My Documents\regcleaner.exe
[2009/04/02 15:52:48 | 01,847,824 | ---- | M] (Xionix Inc.) -- C:\Documents and Settings\Owner\My Documents\RegDefense.exe
[2009/04/02 15:29:16 | 04,770,605 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\f-downadup.zip
[2009/04/02 11:58:17 | 00,305,352 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090405-171313.backup
[2009/04/02 11:44:49 | 02,402,613 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool.zip
[2009/03/31 11:17:18 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\March 2009.xlr
[2009/03/26 18:06:10 | 00,014,780 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Before_The_Devil_Knows_Your_Dead_2007_DVDRip_Xvid_AC3_FLAWL3SS-((Demonoid.com))_5259930.9226.torrent
[2009/03/26 00:30:50 | 00,014,886 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[[Demonoid.com]]-Once_Upon_A_Time_In_America_[1984_Eng_Fre_Dvdrip_x264_aac]_5259930.9226.torrent
[2009/03/25 18:58:39 | 00,009,441 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - His Band And The Street Choir.jpg
[2009/03/25 18:20:44 | 00,010,247 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van Morrison - Moondance.jpg
[2009/03/25 18:06:44 | 00,079,507 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Van_Morrison-Discography-1968-2006_[mininova].torrent
[2009/03/22 13:36:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/22 12:24:23 | 00,037,332 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Magnolia[1999]DvDrip-TB.4193725.TPB_[mininova].torrent
[2009/03/21 21:43:02 | 00,084,717 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Man_on_the_moon_[mininova].torrent
[2009/03/20 19:13:48 | 57,591,705 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cfmupodcast.mp3
[2009/03/20 01:11:47 | 00,056,198 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Punch_Drunk_Love_[mininova].torrent
[2009/03/18 21:44:05 | 00,091,568 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Duncan.fdr
[2009/03/17 23:26:31 | 00,058,165 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\[isoHunt]_T-Rex-21_cd.torrent
[2009/03/17 02:22:22 | 00,012,588 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xltx
[2009/03/17 02:20:01 | 00,012,604 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Restaurants.xlsx
[2009/03/17 02:17:47 | 02,366,464 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\directionsupdated.doc
[2009/03/16 21:38:48 | 00,469,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\directions.doc
[2009/03/16 18:23:12 | 00,200,192 | ---- | M] (SC BitDefender , Romania) -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_gui.exe
[2009/03/16 17:27:56 | 00,137,216 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bd_rem_tool_console.exe
[2009/03/14 21:25:42 | 00,014,093 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Magnolia_[mininova].torrent

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\Nosferatu.sub:SummaryInformation
< End of report >

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:25 PM

Posted 13 April 2009 - 11:13 AM

Hello.

Looks good. nothing really to do now. Everything is removed but Kaspersky found 2 files that you should remove since it was a trojan, lop.

C:\Documents and Settings\Owner\My Documents\BitGrabber-4.2.0.0-setup-0210.exe

<- Delete that file.

Empty your Recycling Bin and let's cleanup.


Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :step5:

Cleanup! with OTMoveIt
Let's remove all the tools we've used so far.
  • Double click the OTMoveIt3.exe to run it.
  • Click Posted Image. If you recieve a warning from your security program, select allow to download the packet.
  • A pop-up box will appear saying "Cleanup list download succesfully Begin Removal Process?". Click Yes.
  • If required for a reboot click Yes
Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System A bit Slow? Try StartupLight

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean! :step1: :) :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck :step4:


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 marco d

marco d
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:01:25 PM

Posted 13 April 2009 - 12:11 PM

Hi,

Where do I find OTMoveIt3.exe?


Thanks, I will keep you posted.

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:25 PM

Posted 13 April 2009 - 12:22 PM

Hello.

Sorry my bad.

Please run OTCleanIT.

Download and Run OTCleanIt

We will now remove the tools we used during this fix.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed witht the cleanup process, click Yes. Restart your computer when prompted.
After that you are good to go :thumbup2:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:25 PM

Posted 15 April 2009 - 03:37 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad I could help :thumbup2:
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users