#1
12-01-2007
Mooko
Bronze Member
 
Join Date: Dec 2007
Posts: 7
PC Experience: Some Experience
I think I may be infected

I clicked on a link on a forum earlier this morning without knowing it was a Keylogger and I think I may be infected. So I've run HijackThis! and uploaded the data. If someone could take a look I'd be most appreciative.

Cowburn199 - Moved to HiJackThis! Log forum
Attached Files
File Type: log hijackthis.log (5.8 KB, 6 views)



Last edited by Cowburn199; 12-01-2007 at 01:23 PM.
#2
12-02-2007
Pancake
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,534
PC Experience: Elite PC Guru
Re: I think I may be infected

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

=========================================
This will help to identify any malware on your system.
Please download Combofix from HERE or HERE
Save ComboFix to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.


__________________
My real name is Eddy
#3
12-02-2007
Mooko
Bronze Member
 
Join Date: Dec 2007
Posts: 7
PC Experience: Some Experience
Re: I think I may be infected

Thanks for the reply Pancake.
I did as you said and here are the contents of the Logfile:


SDFix: Version 1.116

Run by Administrator on 02/12/2007 at 03:29

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 03:32:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\59\59-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v59-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1560 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\59\59-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v59-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2416 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\60\60-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v60-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 67548 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\60\60-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v60-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 5034 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\60\60-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v60-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 7520 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\61\61-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v61-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 50070 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\61\61-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v61-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3360 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\61\61-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v61-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v61-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5576 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\62\62-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v62-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 30738 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\62\62-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v62-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2100 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\62\62-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v62-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v62-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3488 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\63\63-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v63-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v63-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 11766 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\63\63-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v63-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v63-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1336 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\64\64-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v64-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 64542 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\64\64-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v64-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4764 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\64\64-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v64-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 7160 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\65\65-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v65-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v65-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 77016 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\65\65-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v65-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v65-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 5412 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\65\65-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v65-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v65-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8624 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\66\66-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v66-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v66-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 67242 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\66\66-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v66-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v66-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 4728 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\66\66-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v66-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v66-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 7512 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\67\67-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v67-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 23376 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\67\67-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v67-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1704 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\67\67-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v67-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v67-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2600 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\68\68-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v68-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v68-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 88338 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\68\68-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v68-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v68-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 6474 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\68\68-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v68-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v68-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 9808 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\69\69-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v69-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v69-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 47802 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\69\69-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v69-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v69-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 3486 bytes hidden from API
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\Tyrandas@hotmail.com\Shar ingMetadata\carllinner@hotmail.com\DFSR\Staging\CS {899E34D7-7913-041F-BA1A-D9E686CB1577}\69\69-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v69-{AA5FD868-2C71-4AE2-858C-ED3289E9E376}-v69-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 5320 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 107


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\T-Mobile\\web'n'walk USB manager\\web'n'walk USB manager.exe"="C:\\Program Files\\T-Mobile\\web'n'walk USB manager\\web'n'walk USB manager.exe:*:Enabled:web'n'walk USB manager"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Sat 10 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
Attached Files
File Type: txt Report.txt (44.5 KB, 0 views)


  #4  
Old 12-02-2007
Mooko
Bronze Member

Join Date: Dec 2007
Posts: 7
PC Experience: Some Experience
Re: I think I may be infected

Combofix report:

ComboFix 07-12-02.5 - Administrator 2007-12-02 3:39:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1528 [GMT 0:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 03:29 . 2007-12-02 03:29 <DIR> d-------- C:\WINDOWS\SDFIX
2007-11-29 13:29 . 2007-11-29 13:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2007-11-29 01:42 . 2007-11-29 01:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2007-11-27 12:46 . 2007-11-27 12:46 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-11-27 12:45 . 2007-11-30 05:24 <DIR> d-------- C:\Program Files\Xfire
2007-11-27 12:45 . 2007-12-02 03:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2007-11-26 05:03 . 2007-11-26 05:03 268 --ah----- C:\sqmdata00.sqm
2007-11-26 05:03 . 2007-11-26 05:03 244 --ah----- C:\sqmnoopt00.sqm
2007-11-23 10:00 . 2007-11-23 10:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield Installation Information
2007-11-23 09:49 . 2007-11-23 09:49 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2007-11-23 09:48 . 2007-11-23 09:48 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-23 09:48 . 2007-11-23 09:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-23 09:48 . 2007-11-23 09:49 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-11-23 05:49 . 2007-11-23 05:54 <DIR> d-------- C:\Program Files\World of Warcraft
2007-11-23 05:14 . 2007-03-05 07:55 88,960 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-11-23 05:14 . 2007-03-05 07:55 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2007-11-23 05:00 . 2007-11-23 05:00 <DIR> d-------- C:\Program Files\T-Mobile
2007-11-22 21:15 . 2007-11-22 21:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2007-11-22 21:02 . 2007-11-22 21:02 <DIR> d-------- C:\Program Files\VideoLAN
2007-11-21 17:24 . 2007-12-02 03:35 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2007-11-21 03:06 . 2007-11-21 03:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-11-21 02:52 . 2007-11-28 07:44 <DIR> d-------- C:\Program Files\DivX
2007-11-20 06:25 . 2007-11-20 06:25 <DIR> d-------- C:\WINDOWS\Performance
2007-11-20 06:25 . 2007-11-20 06:25 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-11-20 06:25 . 2007-11-20 06:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-11-18 16:20 . 2007-11-29 18:22 <DIR> d-------- C:\Program Files\Steam
2007-11-17 08:09 . 2007-11-25 03:12 <DIR> d-------- C:\Program Files\mIRC
2007-11-17 08:09 . 2007-11-25 13:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2007-11-14 15:21 . 2007-11-14 15:21 <DIR> d-------- C:\Program Files\BitLord
2007-11-14 12:57 . 2007-11-15 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 05:45 . 2007-11-15 10:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Desktop Sidebar
2007-11-14 05:43 . 2007-11-14 05:43 <DIR> d-------- C:\Program Files\Desktop Sidebar
2007-11-14 03:51 . 2007-12-01 19:55 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-13 20:04 . 2007-11-13 20:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-13 20:00 . 2007-11-23 05:13 <DIR> d-------- C:\Program Files\Serious Sam 2
2007-11-13 12:53 . 2007-11-13 12:53 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-12 20:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-12 20:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-12 20:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-12 15:41 . 2007-11-12 15:41 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-11-12 10:11 . 2007-11-24 08:43 <DIR> d-------- C:\Program Files\Soulseek
2007-11-11 19:09 . 2007-11-29 13:30 <DIR> d-------- C:\Program Files\Winamp
2007-11-11 16:02 . 2007-11-11 16:02 <DIR> d-------- C:\Program Files\RocketDock
2007-11-11 15:57 . 2007-11-11 15:57 <DIR> d-------- C:\Program Files\HELP
2007-11-11 15:57 . 2007-11-22 20:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-11 15:57 . 2007-11-11 15:57 34,552 --a------ C:\Program Files\uninstall.exe
2007-11-11 15:50 . 2003-07-16 14:27 43,264 --------- C:\WINDOWS\system32\drivers\ser2pl.sys
2007-11-11 15:49 . 2007-11-11 15:49 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-11 14:58 . 2007-11-28 07:44 1,429 --a------ C:\WINDOWS\mozver.dat
2007-11-11 14:56 . 2007-11-11 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2007-11-11 14:54 . 2007-11-23 09:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-11 14:46 . 2007-11-11 14:54 <DIR> d-------- C:\Program Files\Windows Live
2007-11-11 14:46 . 2007-11-11 14:54 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-11 14:46 . 2007-11-11 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-11 14:42 . 2007-11-11 14:42 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-11 14:30 . 2007-11-23 05:12 <DIR> d-------- C:\Program Files\web'n'walk USB manager
2007-11-11 14:28 . 2007-12-01 11:42 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-11 14:28 . 2007-11-11 14:28 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2007-11-11 14:27 . 2007-12-01 11:42 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-11 14:27 . 2007-11-14 03:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-11 14:27 . 2007-11-11 14:27 319 --a------ C:\WINDOWS\game.ini
2007-11-11 14:18 . 2007-11-11 14:18 <DIR> d-------- C:\Program Files\Activision
2007-11-11 14:16 . 2007-11-11 14:16 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-10 21:47 . 2007-11-10 21:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-10 21:25 . 2007-11-10 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-10 14:54 . 2007-12-01 11:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-10 14:53 . 2007-11-10 14:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-10 14:53 . 2007-11-10 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-10 14:53 . 2007-11-10 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-10 14:53 . 2007-11-10 14:53 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-11-10 14:53 . 2007-11-10 14:53 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-10 14:33 . 2007-10-04 17:14 136,260 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-11-10 13:56 . 2007-11-10 13:56 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-11-10 13:56 . 2007-11-10 13:56 <DIR> d-------- C:\Program Files\Futuremark
2007-11-10 13:56 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-11-10 13:56 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2007-11-10 13:55 . 2007-11-10 13:55 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-10 13:55 . 2007-11-10 13:55 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-10 13:55 . 2007-11-10 13:55 <DIR> d-------- C:\Program Files\Ahead
2007-11-10 13:55 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-11-10 13:55 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-11-10 13:55 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-11-10 13:55 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-11-10 13:55 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-11-10 13:55 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-10 13:55 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-10 13:55 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-11-10 13:50 . 2007-11-10 13:50 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-10 13:50 . 2007-11-10 13:50 <DIR> d-------- C:\Program Files\CyberLink
2007-11-10 13:50 . 2007-11-10 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-10 13:47 . 2007-11-10 14:50 <DIR> d-------- C:\WINDOWS\nview
2007-11-10 13:47 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-11-10 13:47 . 2007-11-13 12:45 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2007-11-10 13:47 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-11-10 13:46 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-10 13:45 . 2007-11-10 13:45 <DIR> d-------- C:\NVIDIA
2007-11-10 13:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-10 13:13 . 2007-11-10 13:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-10 13:00 . 2007-11-10 13:00 <DIR> d-------- C:\Program Files\MSBuild

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 04:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 15:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-10 12:58 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-10 12:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-10 12:14 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-10 12:14 --------- d-----w C:\Program Files\Realtek
2007-11-10 12:11 --------- d-----w C:\Program Files\Intel
2007-11-10 12:05 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-04 17:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 17:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 17:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 17:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 17:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 17:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 17:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 17:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 17:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 17:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 17:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 07:28 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 09:22 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-10 14:53]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"Alcmtr"="ALCMTR.EXE" [2005-05-03 10:43 C:\WINDOWS\Alcmtr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-10 14:53]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-11-15 00:59:50]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43e9826b-9062-11dc-a283-001bfc76955a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1eb5a8-9982-11dc-a298-001bfc76955a}]
\Shell\AutoRun\command - E:\AutoRun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 03:35:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 03:40:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 3:40:45
.
--- E O F ---

New Hijack This! report:


Logfile of HijackThis v1.99.1
Scan saved at 03:42:53, on 02/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Window