View Full Version : New Windows Vista Computer infected with WINTEMS.EXE
oheretic
2008-01-16, 22:57
Hello to everybody,
We have a new (two months) computer with the windows Vista operating system, which has become infected with the Wintems.exe virus (part of a Trojan I understand)
It is a family computer and to be honest - It is my stupid fault! I allowed another member of the family (who shall remain nameless!) to use the internet before we had adequately installed an updated the virus software.
I'm a bit of a bodger when it comes to computers - I know a few tips and tricks, but only from friends and what I've picked up from articles on the net. This is way beyond me so, I must now throw myself on the mercy of one of your kind voluteers.
I have read your article on what to do before posting and have downloaded Kaspersky log and Hijackthis and run their scans. Spybot was downloaded and installed, but was instantly deleted - but I gather from reading up that this is something this virus does (?)
Here are a few other things I have managed to find out:
Wintems.exe can be deleted, but will be put back on after deletion (cloning - am I right?)
It disables Windows Defender
It disables Windows Updater
Both of these can be turned back on manually, but are always disabled on start up.
It will not allow you to install a particular Windows security update (KB943078) - when you try it disables the windows module installer.
It will not let you install virus software, or will let it install and then instantly delete it (have tried AVG and Zonealarm)
Windows notification noise can be heard in the background (like when stopping a pop-up) even when you do not have a web page up.
Any and all assistance would be greatly appreciated.
oheretic
2008-01-16, 23:00
Here is the Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 16, 2008 12:22:22 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 512504
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 139789
Number of viruses found: 3
Number of infected objects: 69
Number of suspicious objects: 0
Duration of the scan process: 00:48:26
Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-3770382818-2740039830-395197255-1000\$RRD70MF.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.101.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.101.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy820.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf14AC.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf14CC.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050107.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TM.blf Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows Defender\FileTracker\{474979DF-51A8-4A9D-9B62-7A05D4066E72} Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\oheretic\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\oheretic\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\oheretic\NTUSER.DAT Object is locked skipped
C:\Users\oheretic\ntuser.dat.LOG1 Object is locked skipped
C:\Users\oheretic\ntuser.dat.LOG2 Object is locked skipped
C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ehome\mcupdate.exe Object is locked skipped
C:\Windows\exefld\101288937.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\105421906.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\108812109.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\1103250.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\111703.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\1118000.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\114515.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\114726453.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\119546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\120022312.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\127484.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\128343.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\129410062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\134740406.exe Infected: Trojan-Downloader.Win32.Bagle.gi skipped
C:\Windows\exefld\144189296.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\145296.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\146510765.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\14831578.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\14862109.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\14927000.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\153000.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\161074250.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\168593.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\17183234.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\175901828.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\186565281.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\186574531.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\193468.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\210258984.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\210268140.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\31839953.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\32153531.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\38710062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\44018500.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\57329281.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\58560796.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\63054328.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\64769109.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\71925046.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\71932843.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\73232437.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\76240656.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\78951875.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\81562.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\815921.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\81621562.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\86610718.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\88146468.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\exefld\90811750.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\93756546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\exefld\96027828.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{8EDD1A3C-2E1D-4B5E-8340-D7FBE8C84087}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
CONTINUED IN FOLLOWING POST!
oheretic
2008-01-16, 23:01
CONTINUED AS TOO LONG FOR PREVIOUS POST (am I doing this right?)
C:\Windows\System32\chkdsk.exe Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\down\105228296.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\108605718.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\117069734.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\119732859.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\131681359.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\146180609.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\14867406.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\148776734.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\148784984.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\163279843.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\186442062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\29108546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\78914156.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\90694781.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\90713750.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\93466546.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\drivers\down\93709062.exe Infected: Trojan-Downloader.Win32.Bagle.ho skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\ntoskrnl.exe Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16386_none_c6660fc3aee34dc4\mcupdate.exe Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-chkdsk_31bf3856ad364e35_6.0.6000.16386_none_bfaf97e48fc56cbc\chkdsk.exe Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntoskrnl.exe Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16514_none_6a435250b701059d\ntoskrnl.exe Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20629_none_6ac720a1d022400b\ntoskrnl.exe Object is locked skipped
Scan process completed.
oheretic
2008-01-16, 23:02
AND THE HIJACKTHIS REPORT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:20, on 16/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 7724 bytes
Hi oheretic
* Download GMER from
here (http://www.gmer.net/gmer.zip):
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.
Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
oheretic
2008-01-21, 19:44
Hello Shaba, thank you very much for your response.
I have followed your instructions and here are the results:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-21 17:41:22
Windows 6.0.6000
---- System - GMER 1.0.13 ----
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwCreateFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwEnumerateKey
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwQueryDirectoryFile
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwQueryKey
SSDT \??\C:\Windows\system32\drivers\srosa.sys ZwQuerySystemInformation
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey
---- Kernel code sections - GMER 1.0.13 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 688 81C809AC 2 Bytes CALL 7854F0E9
---- User code sections - GMER 1.0.13 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxIndirectParamW 760714EA 5 Bytes JMP 6EB0166F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxExA 7608570D 5 Bytes JMP 6EB015B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxParamA 760865BF 5 Bytes JMP 6EB01634 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxIndirectW 7608F1B3 5 Bytes JMP 6E991676 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxParamW 7609129F 5 Bytes JMP 6E96F2C1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!DialogBoxIndirectParamA 760B29C9 5 Bytes JMP 6EB016AA C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxIndirectA 760BFACF 5 Bytes JMP 6EB015F0 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3336] USER32.dll!MessageBoxExW
oheretic
2008-01-21, 19:46
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6A4188F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6A418B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6A418A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6A419815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6A419639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] [6A419BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6A4188F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6A418A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [6A418C84] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] [6A4188F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] [6A418A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] [6A418B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [6A41952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [6A419AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [6A419741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [6A419815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6A412E2C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6A418A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6A412C16] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6A412A18] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [6A41883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6A419A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW] [6A419CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6A419815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [6A419BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6A419639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6A419741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6A418A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6A418FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6A418F4E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6A41A275] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA]
oheretic
2008-01-21, 19:47
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6A41952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6A419741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [6A419C57] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6A419639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6A419815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] [6A419BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [6A419CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] [6A419BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [6A419DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [6A419741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [6A419639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [6A419815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!AccessCheck] [6A41883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] [6A418C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6A4188F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6A418B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6A418A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6A418FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6A418C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6A419815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [6A419BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6A419639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [6A419CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6A419A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6A419498] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [6A419DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AccessCheck] [6A41883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6A419741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!PrivCopyFileExW] [6A418EEA] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] [6A418C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] [6A418A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetFileAttributesW] [6A418FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [6A419DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [6A419639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] [6A419BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [6A419815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [6A41A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [6A419639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [6A419BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[576] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW]
oheretic
2008-01-21, 19:48
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6B28D6EF] C:\Windows\AppPatch\AcSpecfc.DLL
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6B28D6EF] C:\Windows\AppPatch\AcSpecfc.DLL
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6B28D6EF] C:\Windows\AppPatch\AcSpecfc.DLL
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[2876] @ C:\Windows\system32\WININET.dll [USER32.dll!DialogBoxParamW] [6B28D6EF] C:\Windows\AppPatch\AcSpecfc.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6CB81923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!RegisterWaitForInputIdle] [6CB813AA] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6CB81923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [100078C0] C:\Program Files\Orbitdownloader\orbitcth.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6CB81923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [6CE64618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3336] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress]
oheretic
2008-01-21, 19:49
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA
oheretic
2008-01-21, 19:50
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_POWER
oheretic
2008-01-21, 19:52
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FILE_SYSTEM_CONTROL
oheretic
2008-01-21, 19:53
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
---- Registry - GMER 1.0.13 ----
Reg \Registry\USER\S-1-5-21-3770382818-2740039830-395197255-1000\Software\Microsoft\Windows\CurrentVersion\Run@drvsyskit C:\Windows\system32\drivers\hidr.exe
Reg \Registry\USER\S-1-5-21-3770382818-2740039830-395197255-1000\Software\Microsoft\Windows\CurrentVersion\Run@german.exe C:\Windows\system32\wintems.exe
oheretic
2008-01-21, 19:55
---- Files - GMER 1.0.13 ----
File C:\Program Files\Common Files\Portrait Displays\Shared
File C:\Program Files\Common Files\Portrait Displays\Shared\CleanReg.exe
File C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
File C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe <-- ROOTKIT !!!
File C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
File C:\Program Files\Common Files\Portrait Displays\Shared\HtmlEngine.dll
File C:\Program Files\Common Files\Portrait Displays\Shared\pdiactivex.ocx
File C:\Program Files\Common Files\Portrait Displays\Shared\pdiSlider.ocx
File C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
File C:\Program Files\Common Files\Portrait Displays\Shared\ResetPermission.exe
File C:\Program Files\Common Files\Portrait Displays\Shared\supported.exe
File C:\Program Files\Movie Maker\Shared
File C:\Program Files\Movie Maker\Shared\Common.fxh
File C:\Program Files\Movie Maker\Shared\DissolveAnother.png
File C:\Program Files\Movie Maker\Shared\DissolveNoise.png
File C:\Program Files\Movie Maker\Shared\DvdStyles
File C:\Program Files\Movie Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\babyblue.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl
oheretic
2008-01-21, 19:56
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\babypink.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\button-highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\chapters-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\content-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\content-foreground.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\curtains.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\notes-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BabyGirl\play-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\BlackRectangle.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\circleround_glass.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\circleround_selectionsubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\circleround_videoinset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Circle_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Circle_VideoInset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\cloud_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\Dot.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\DvdTransform.fx
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\FlipPage\pagecurl.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full
oheretic
2008-01-21, 19:57
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\15x15dot.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\dotslightoverlay.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\full.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Full\pushplaysubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Heart_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Heart_VideoInset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\15x15dot.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\colorcycle.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\HueCycle\title_stripe.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\layers.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\16_9-frame-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\btn-back-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\btn-next-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\btn-previous-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\button-highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\button-overlay.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\Notes_content-background.png
oheretic
2008-01-21, 19:58
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\scrapbook.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\Title_content-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Memories\Title_select-highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\15x15dot.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\decorative_rule.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\OldAge\vintage.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\720x480blacksquare.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Notes_loop.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\performance.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\redmenu.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Scene_loop.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Title_Page.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Performance\whitemenu.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png
oheretic
2008-01-21, 19:59
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_frame-border.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\rollinghills.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\photoedge_buttongraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\photoedge_videoinset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Postage_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Postage_VideoInset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\1047_576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\push.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\pushplaysubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\push_item.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Push\push_title.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\15x15dot.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\reflect.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Rectangles\vistabg.png
oheretic
2008-01-21, 20:01
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp
File C:\Program Files\Movie Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\203x8subpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Shatter\shatter.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png
oheretic
2008-01-21, 20:03
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\CircleSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\GoldRing.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Sports\sports_disc_mask.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\15x15dot.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\720_480shadow.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Stacking\photograph.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel
oheretic
2008-01-21, 20:04
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\16_9-frame-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\btn-back-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\btn-next-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\btn-previous-static.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\button-bullet.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\button-highlight.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\content-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\header-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\passport.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\Passport.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\passportcover.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\PassportMask.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\passport_mask_left.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\passport_mask_right.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\play-background.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\selection_subpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\travel.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv
File C:\Program Files\Movie Maker\Shared\DvdStyles\VideoWall
File C:\Program Files\Movie Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\VideoWall\videowall.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\1047x576black.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\15x15dot.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\softedges.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\vignettemask25.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\Vignette\whiteband.png
File C:\Program Files\Movie Maker\Shared\DvdStyles\WhiteDot.png
File C:\Program Files\Movie Maker\Shared\Filters.xml
File C:\Program Files\Movie Maker\Shared\news.png
File C:\Program Files\Movie Maker\Shared\paint.png
File C:\Program Files\Movie Maker\Shared\Parity.fx
File C:\Program Files\Movie Maker\Shared\Sample1.jpg
File C:\Program Files\Movie Maker\Shared\Sample2.jpg
File C:\Program Files\Movie Maker\Shared\Sample3.jpg
File C:\Program Files\Movie Maker\Shared\Sample4.jpg
File C:\Program Files\Yahoo!\Shared
oheretic
2008-01-21, 20:05
File C:\Program Files\Yahoo!\Shared\Graphics
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\activity_speaker_states.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_bot.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_left.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_right.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\border_top.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_down.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\button_chevron_up.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\capbuttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\checkbox.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\columnheads.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\combo_arrow.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\connect_chunkyanim.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\dark_connect_chunkyanim.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\dialbtn_pad.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\donotdisturb.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\games_close.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\grabbie.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\groupboxedge.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\headerbg.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_disabled.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_hot.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\icons_tbar_normal.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\indigo.xml
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\itabs.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\menubar_states.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\menuitem.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\menusearchbar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_bg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_scroll.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\menu_sep.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\mute_states.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_abook_off.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_abook_on.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_add1.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_mlist1_off.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\pab_mlist1_on.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\photoshare_slider.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\photoshare_slider_tray.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\preview_indigo.jpg
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\progressbar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\pushbuttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\radio.bmp
oheretic
2008-01-21, 20:06
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_buttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_griph.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_gripv.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hbg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_hhandle.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vbg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\scroll_vhandle.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\search_bang.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\silver_bg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\slotborder.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\slotborder_we.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\slot_empty_bg.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusbar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\statusgrabber.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_cls.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_cls_hover.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\subhdrbg_hover.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\sys_menu.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tabs_standard.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tab_border.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tbar_sep.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\title.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_down.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_hover.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\title_up.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\toolbarbuttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_bot.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_left.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_right.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_border_top.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\tool_capbuttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_h.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_down.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_horz.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_left.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_right.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_up.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_thumb_vert.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\trackbar_v.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\triangletray.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\typedown.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_arrow.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\up_down_h_arrow.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_callbtn.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\Voice_Circle.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_ctrls.bmp
oheretic
2008-01-21, 20:07
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_0.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_1.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_10.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_11.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_2.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_3.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_4.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_5.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_6.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_7.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_8.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_dialpad_9.png
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_lights.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_ringer.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar_hold.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Indigo\voice_tbar_incoming.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_bot.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_left.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_right.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\border_top.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_down.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\button_chevron_up.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\capbuttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\checkbox.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\columnheads.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\combo.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\combo_arrow.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\dialbtn_pad.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\donotdisturb.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\games_close.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\grabbie.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\grabbie.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\groupboxedge.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\headerbg.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_disabled.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_hot.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\icons_tbar_normal.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\itabs.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\maverick.xml
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\menubar_states.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\menuitem.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\menusearchbar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_bg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_scroll.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\menu_sep.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_abook_off.bmp
oheretic
2008-01-21, 20:08
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_abook_on.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_add1.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_mlist1_off.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\pab_mlist1_on.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\photoshare_slider.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\photoshare_slider_tray.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\preview_mavblue.jpg
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\progressbar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\pushbuttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\radio.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_buttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_griph.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_gripv.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hbg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_hhandle.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vbg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\scroll_vhandle.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\search_bang.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\silver_bg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\slotborder.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\slotborder_we.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\slot_empty_bg.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusbar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\statusgrabber.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_cls.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_cls_hover.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\subhdrbg_hover.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\sys_menu.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tabs_standard.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tab_border.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_bg.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tbar_sep.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\title.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_down.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_hover.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\title_up.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\toolbarbuttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_bot.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_left.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_right.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_border_top.rgn
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\tool_capbuttons.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_h.bmp
Hi
If gmer log is too big, you can upload it to eg. rapidshare (http://www.rapidshare.com)
and post back link here, please :)
oheretic
2008-01-21, 20:09
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_down.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_horz.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_left.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_right.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_up.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_thumb_vert.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\trackbar_v.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\triangletray.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\typedown.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_arrow.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_h.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\up_down_h_arrow.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_callbtn.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_ctrls.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_0.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_1.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_10.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_11.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_2.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_3.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_4.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_5.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_6.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_7.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_8.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_dialpad_9.png
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_lights.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_ringer.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar_hold.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\Maverick\voice_tbar_incoming.bmp
File C:\Program Files\Yahoo!\Shared\Graphics\preview_classic_msgr.jpg
File C:\Program Files\Yahoo!\Shared\npYState.dll
File C:\Program Files\Yahoo!\Shared\YAlertCenter.dll
File C:\Program Files\Yahoo!\Shared\YbSkin2.dll
File C:\Program Files\Yahoo!\Shared\YbSkinSelect.dll
File C:\Program Files\Yahoo!\Shared\YbSkinSelectRes.dll
oheretic
2008-01-21, 20:11
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\00\200-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v200-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v200-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\00\200-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v200-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v200-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\00\200-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v200-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v200-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\01\101-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v101-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v101-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\01\201-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v201-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v201-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\01\201-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v201-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v201-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\01\201-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v201-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v201-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\02\102-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v102-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v102-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\02\202-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v202-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v202-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\02\202-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v202-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v202-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\02\202-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v202-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v202-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\03\203-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v203-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v203-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\03\203-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v203-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v203-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\03\203-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v203-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v203-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\04\204-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v204-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v204-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\04\204-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v204-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v204-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\04\204-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v204-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v204-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\05\105-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v105-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v105-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\05\205-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v205-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v205-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\05\205-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v205-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v205-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\07\207-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v207-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v207-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\07\207-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v207-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v207-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\11\11-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v11-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\11\11-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v11-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\11\11-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v11-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\11\11-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v11-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\13\213-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v213-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v213-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\14\214-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v214-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v214-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\15\115-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v115-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v115-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\15\15-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v15-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\15\15-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v15-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\15\15-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v15-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\15\215-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v215-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v215-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\16\216-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v216-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v216-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\17\117-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v117-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v117-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
oheretic
2008-01-21, 20:11
B2149C30AD}\17\17-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v17-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\17\19-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v17-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\17\217-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v217-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v217-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\18\118-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v118-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v118-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\18\18-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v18-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\18\18-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v18-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\18\218-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v218-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v218-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\19\119-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v119-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\19\19-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v19-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\19\19-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v19-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\19\219-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v219-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v219-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\20\20-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v20-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\20\20-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v20-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\20\220-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v220-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v220-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\21\121-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v121-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v121-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\21\21-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v21-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\21\21-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v21-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\21\221-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v221-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v221-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\22\22-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v22-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v22-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\22\22-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v22-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\22\22-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v22-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\23\223-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v223-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v223-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\23\23-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v23-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\23\23-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v23-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\24\224-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v224-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v224-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\24\24-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v24-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\24\24-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v24-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\25\125-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v125-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v125-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\25\225-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v225-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v225-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\25\25-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v25-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\25\40-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v25-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\25\40-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v25-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\26\226-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v226-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v226-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\26\26-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v26-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\26\26-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v26-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\26\26-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v26-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\27\227-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v227-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v227-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\27\27-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v27-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\27\27-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v27-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\27\27-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v27-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\28\228-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v228-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v228-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\28\28-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v28-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\28\28-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v28-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\28\28-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v28-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\29\229-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v229-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v229-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\29\29-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v29-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\29\29-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v29-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\29\29-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v29-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\30\230-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v230-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v230-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
oheretic
2008-01-21, 20:15
B2149C30AD}\30\30-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v30-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\30\30-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v30-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\30\30-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v30-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\31\131-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v131-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v131-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\31\231-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v231-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v231-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\31\31-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v31-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\31\31-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v31-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\31\31-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v31-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\31\431-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v431-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v431-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\32\132-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v132-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v132-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\32\232-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v232-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v232-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\32\32-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v32-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\32\32-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v32-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\32\32-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v32-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\33\133-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v133-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v133-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\33\233-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v233-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v233-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\33\33-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v33-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\33\33-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v33-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\33\33-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v33-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\34\134-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v134-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v134-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\34\34-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v34-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\34\34-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v34-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\34\34-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v34-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\35\135-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v135-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v135-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\35\235-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v235-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v235-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\35\235-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v235-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v235-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\35\235-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v235-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v235-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\35\35-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v35-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\35\35-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v35-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\35\435-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v435-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v435-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\136-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v136-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\136-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v136-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\136-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v136-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\236-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v236-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v236-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\236-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v236-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v236-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\36-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v36-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\36-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v36-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\36-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v36-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\36\436-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v436-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v436-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\37\237-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v237-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\37\237-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v237-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\37\237-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v237-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v237-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\37\37-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v37-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\37\37-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v37-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
oheretic
2008-01-21, 20:16
B2149C30AD}\37\437-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v437-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v437-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\38\138-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v138-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\38\138-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v138-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\38\238-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v238-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v238-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\38\38-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v38-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\38\38-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v38-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v38-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\39\239-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v239-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v239-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\39\239-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v239-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v239-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\39\239-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v239-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v239-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\39\39-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v39-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\39\39-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v39-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v39-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\39\439-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v439-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v439-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\40\140-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v140-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v140-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\40\140-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v140-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v140-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\40\240-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v240-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v240-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\40\445-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v440-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v445-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\40\445-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v440-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v445-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\41\141-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v141-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v141-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\41\241-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v241-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v241-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\41\241-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v241-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v241-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\41\241-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v241-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v241-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\42\142-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v142-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v142-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\42\142-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v142-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v142-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\42\242-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v242-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v242-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\43\143-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v143-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v143-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\43\143-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v143-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v143-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\43\143-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v143-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v143-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\43\243-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v243-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v243-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\43\243-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v243-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v243-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\43\243-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v243-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v243-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\43\43-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v43-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\44\144-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v144-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v144-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\44\144-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v144-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v144-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\44\144-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v144-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v144-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\44\244-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v244-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v244-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\44\44-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v44-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\45\145-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v145-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v145-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\45\145-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v145-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v145-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\45\245-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v245-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v245-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\45\245-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v245-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v245-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\45\245-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v245-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v245-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\45\45-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v45-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\46\146-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v146-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v146-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\46\146-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v146-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v146-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\46\246-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v246-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v246-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\46\246-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v246-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v246-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\46\246-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v246-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v246-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\47\147-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v147-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v147-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\47\147-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v147-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v147-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\47\247-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v247-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v247-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\47\247-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v247-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v247-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\47\247-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v247-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v247-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\48\148-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v148-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v148-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\48\148-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v148-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v148-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
oheretic
2008-01-21, 20:17
B2149C30AD}\48\248-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v248-{03063EE3-3C19-4DD4-A11F-B5DB40B84F17}-v248-Partial.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\48\248-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v248-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v248-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\48\248-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v248-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v248-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\49\149-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v149-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v149-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\49\149-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v149-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v149-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\49\249-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v249-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v249-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\49\249-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v249-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v249-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\50\150-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v150-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v150-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\50\150-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v150-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v150-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\51\151-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v151-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v151-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\51\151-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v151-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v151-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\51\251-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v251-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v251-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\51\251-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v251-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v251-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\52\152-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v152-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v152-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\52\152-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v152-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v152-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\53\153-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v153-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v153-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\53\153-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v153-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v153-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\53\253-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v253-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v253-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\53\253-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v253-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v253-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\54\154-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v154-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v154-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\54\154-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v154-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v154-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\54\301-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v54-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v301-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\54\301-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v54-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v301-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\55\155-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v155-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v155-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\55\155-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v155-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v155-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\55\255-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v255-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v255-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\55\255-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v255-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v255-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\56\156-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v156-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v156-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\56\156-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v156-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v156-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\56\56-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v56-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\56\56-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v56-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v56-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\57\157-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v157-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v157-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\57\157-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v157-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v157-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\57\257-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v257-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v257-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\57\257-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v257-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v257-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\57\57-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v57-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\57\57-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v57-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v57-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\58\158-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v158-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v158-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\58\158-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v158-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v158-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\58\58-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v58-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\58\58-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v58-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v58-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\59\159-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v159-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v159-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\59\159-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v159-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v159-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\59\259-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v259-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v259-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\59\259-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v259-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v259-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\59\59-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v59-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\59\59-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v59-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v59-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\60\160-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v160-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v160-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\60\160-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v160-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v160-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\60\60-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v60-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Users\oheretic\AppData\Local\Microsoft\Messenger\diogenese@hotmail.co.uk\SharingMetadata\david_does_mickey@hotmail.com\DFSR\Staging\CS{F8239781-28BE-D081-1A79-16B2149C30AD}\60\60-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v60-{50CA4C7A-C7F4-4056-8D90-6E2E3C3498DB}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
oheretic
2008-01-21, 20:21
OKAY THERE IS MILES OF THIS - I HAVE A HUNCH ALL THIS 'FILE' INFO IS NOT RELEVANT. SO I'LL MAKE IT AVAILABLE TO YOU IF NECESSARY VIA RAPIDSHARE. LET ME CUT TO THE INTERESTING BIT AT THE BOTTOM:
File C:\Windows\System32\drivers\hidr.exe
File C:\Windows\System32\drivers\hldrrr.exe
File C:\Windows\System32\drivers\srosa.sys
File C:\Windows\System32\IME\shared
File C:\Windows\System32\IME\shared\IMCCPHR.exe
File C:\Windows\System32\IME\shared\IMEAPIS.DLL
File C:\Windows\System32\IME\shared\imecfm.dll
File C:\Windows\System32\IME\shared\IMEPADSM.DLL
File C:\Windows\System32\IME\shared\IMEPADSV.EXE
File C:\Windows\System32\IME\shared\IMETIP.DLL
File C:\Windows\System32\IME\shared\imever.dll
File C:\Windows\System32\IME\shared\IMJKAPI.DLL
File C:\Windows\System32\IME\shared\MSCAND20.DLL
File C:\Windows\System32\IME\shared\res
File C:\Windows\System32\IME\shared\res\padrs404.dll
File C:\Windows\System32\IME\shared\res\padrs411.dll
File C:\Windows\System32\IME\shared\res\padrs412.dll
File C:\Windows\System32\IME\shared\res\padrs804.dll
---- Services - GMER 1.0.13 ----
Service C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [AUTO] DTSRVC <-- ROOTKIT !!!
---- EOF - GMER 1.0.13 ----
Hi
Yes those are most important ones :)
Run gmer.exe
Click the tab called Processes and click the Safe... button. The computer will reboot and the Gmer screen will open.
Click Files... and browse to the following file:
C:\Windows\System32\drivers\hldrrr.exe
Now click Delete
Also do that with these files:
C:\Windows\System32\drivers\hidr.exe
C:\Windows\System32\drivers\srosa.sys
C:\Windows\system32\wintems.exe
Now click the Services tab. Click the entries in red one by one with your right mouse button and click Delete... Answer Yes to all the warning windows.
When you've removed all the Service entries in red, reboot your computer.
Delete these folders:
C:\Windows\exefld
C:\Windows\System32\drivers\down
Empty Recycle Bin
Re-run gmer
Post:
- a fresh HijackThis log
- gmer log (should be significantly smaller now)
oheretic
2008-01-21, 21:34
Ok - I'm on the case now - thank you so much
oheretic
2008-01-21, 21:39
Shaba- I can't seem to find the 'Safe' button in Gmer - there is a 'restart' button..is that it?
oheretic
2008-01-21, 22:17
I hit the restart button guessing this was what you meant by safe button, the computer re-booted but the Gmer screen did not come up.
oheretic
2008-01-22, 00:03
Ok - There were NO entries in red in services. I restarted Gmer manually after reboot and follow all the deletion instructions:
Here is the Gmer log:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-21 22:01:55
Windows 6.0.6000
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey
---- User code sections - GMER 1.0.13 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxIndirectParamW 764D14EA 5 Bytes JMP 6E47166F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxExA 764E570D 5 Bytes JMP 6E4715B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxParamA 764E65BF 5 Bytes JMP 6E471634 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxIndirectW 764EF1B3 5 Bytes JMP 6E301676 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxParamW 764F129F 5 Bytes JMP 6E2DF2C1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxIndirectParamA 765129C9 5 Bytes JMP 6E4716AA C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxIndirectA 7651FACF 5 Bytes JMP 6E4715F0 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxExW 7651FBC9 5 Bytes JMP 6E47157C C:\Windows\system32\IEFRAME.dll
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6AFF88F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6AFF8B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6AFF8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6AFF9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6AFF9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] [6AFF9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6AFF88F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6AFF8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [6AFF8C84] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] [6AFF88F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] [6AFF8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] [6AFF8B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
oheretic
2008-01-22, 00:04
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [6AFF952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [6AFF9AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [6AFF9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [6AFF9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6AFF2E2C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6AFF8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6AFF2C16] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6AFF2A18] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [6AFF883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6AFF9A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW] [6AFF9CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6AFF9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [6AFF9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6AFF9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6AFF9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6AFF8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6AFF8FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6AFF8F4E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6AFFA275] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] [6AFF9AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6AFF952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6AFF9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [6AFF9C57] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6AFF9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6AFF9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] [6AFF9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [6AFF9CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] [6AFF9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [6AFF9DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [6AFF9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [6AFF9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [6AFF9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!AccessCheck] [6AFF883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] [6AFF8C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6AFF88F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6AFF8B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6AFF8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6AFF8FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6AFF8C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6AFF9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [6AFF9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6AFF9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [6AFF9CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6AFF9A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6AFF9498] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [6AFF9DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AccessCheck] [6AFF883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6AFF9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!PrivCopyFileExW] [6AFF8EEA] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] [6AFF8C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] [6AFF8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetFileAttributesW] [6AFF8FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [6AFF9DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [6AFF9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] [6AFF9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [6AFF9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [6AFFA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [6AFF9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [6AFF9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\oheretic\Desktop\gmer\gmer.exe[268] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [6AFF9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
oheretic
2008-01-22, 00:05
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6C8B1923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!RegisterWaitForInputIdle] [6C8B13AA] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6C8B1923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [100078C0] C:\Program Files\Orbitdownloader\orbitcth.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6C8B1923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3736] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6CA94618] C:\Windows\system32\ShimEng.dll
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
oheretic
2008-01-22, 00:07
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
oheretic
2008-01-22, 00:08
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_NAMED_PIPE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLOSE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_READ [8762C038] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_WRITE [8762C160] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_EA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FLUSH_BUFFERS [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_VOLUME_INFORMATION [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DIRECTORY_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FILE_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CONTROL [8762BB74] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_INTERNAL_DEVICE_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SHUTDOWN [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_LOCK_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLEANUP [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_MAILSLOT [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_SECURITY [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_POWER [8762BEAC] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SYSTEM_CONTROL [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CHANGE [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_QUOTA [8762BB48] fvevol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_QUOTA [8762BB48] fvevol.sys
---- Files - GMER 1.0.13 ----
ADS C:\Users\oheretic\Favorites\Gadets & Gizmos\:favicon
---- EOF - GMER 1.0.13 ----
oheretic
2008-01-22, 00:10
And HijackThis - Here's hoping!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:30, on 21/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 7675 bytes
Hi
Yes, looks like that rootkit bagle has been killed :)
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Open HijackThis, click do a system scan only and checkmark these:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [german.exe] C:\Windows\system32\wintems.exe
Close all windows including browser and press fix checked.
Reboot.
Install one antivirus from below, please:
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
Post back a fresh HijackThis log.
oheretic
2008-01-22, 23:09
All instructions followed and I have installed Avast!
Thank you so much for taking the time and trouble to help me.I shall ensure everything is better protected in future.
Regards
Oheretic
oheretic
2008-01-22, 23:10
And here is the final HijackThis Log file:
ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:41, on 22/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 7884 bytes
Hi
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Note: This scanner will work with Internet Explorer Only!
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Post:
- a fresh HijackThis log
- kaspersky report
oheretic
2008-01-27, 21:35
Apologies - I was called away unexpectedly for a few days - am following next instructions now.
oheretic
2008-01-27, 23:35
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 9:35:49 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534146
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 143056
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:57
Infected Object Name / Virus Name / Last Action
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.113.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.113.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy893.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf8BC5.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf8BC6.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050107.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012720080128\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TM.blf Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows\UsrClass.dat{df42ab1f-72a9-11dc-8453-001921d42287}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows Defender\FileTracker\{20679184-1529-4302-82B0-890A291B0313} Object is locked skipped
C:\Users\oheretic\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\oheretic\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\oheretic\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\oheretic\NTUSER.DAT Object is locked skipped
C:\Users\oheretic\ntuser.dat.LOG1 Object is locked skipped
C:\Users\oheretic\ntuser.dat.LOG2 Object is locked skipped
oheretic
2008-01-27, 23:36
C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\oheretic\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Internet Logs\fwdbglog.txt Object is locked skipped
C:\Windows\Internet Logs\fwpktlog.txt Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
Scan process completed.
oheretic
2008-01-27, 23:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:08, on 27/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\TPPALDR.EXE
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [TPP Auto Loader] C:\Windows\TPPALDR.EXE
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 7860 bytes
Hi
That looks good :)
Still problems?
Due to the lack of feedback this Topic is closed.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.