
Personalized settings at start up + changed computer settings(pls helpD;)


  • This topic is locked
3 replies to this topic

#1 siqilee


Posted 10 October 2009 - 09:35 AM

Hi

Erm, I don't really know how it started, but I think it has gotten worse these days, so I'm getting worried.

Problems I'm facing
1- "[title] Personalized settings
Setting up personalized settings for:
C:\Recycler\S-1-5-21-1482476501-1644494937-68"

This appears each time I start up.

2- My computer lags easily, but not always. Sometimes when I am AFK for some time and I come back and click something, it lags, and soon there's nothing I can do except press the restart button. (I can 'press' the Task Manager button, but after that it doesn't appear and it gets worse; sometimes it writes that explorar.exe is using a very high % of my CPU.)

3- Certain settings did change, like the 'no active audio mixers available' problem. I searched the Internet for this problem and found the solution using services.msg; I turned it to automatic, but after I restart it turns back to the way it was. (Note: the no audio mixers problem seems to appear only after I use the computer for some time; every time I restart, it turns back to normal.)
- Last time, when I pressed Ctrl+Alt+Del, the Task Manager appeared immediately; now, the Windows Security appears first.

4- Sometimes when I insert my pendrive and, after I finish, I want to remove it safely, it says it's currently in use or something. I'm pretty sure I'm not, though.

5- Every time I click on my hard disk, it opens in another window. I searched for it and deleted the mousepointer2 or something registry, and it fixed it.

Things I've done which might have caused this (excluding those which I actually don't know)
1- I didn't have an anti-virus for a period of time. And occasionally I get pendrives from my friends; I'm not sure if they're clean or not.

2- Things I have installed: Changepaper.exe; I've disabled this.
Nod something (forgot the version); I don't have any keys, so I soon uninstalled it. But I remember it deleting something named System Volume Information on my hard disks. (Right now I have Kaspersky AV 2009.)

The DDS log

DDS (Ver_09-09-29.01) - NTFSx86
Run by ~~AWU~~ at 22:06:19.04 on 10/10/2009 Sat
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1023.734 [GMT 8:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\PPStream\ppsap.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Aztech Systems Ltd\WL630USB Wireless B+G Utility\ZDWlan.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\~~AWU~~\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\~~AWU~~\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = about:blank
mStart Page = hxxp://00333.cn/wen.htm
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch =
mSearchAssistant =
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - d:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - d:\program files\thunder network\thunder\comdlls\xunleiBHO_Now.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! 导航条: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {89FDCC4B-8D91-49B0-81A6-18BCFF582735} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PPS Accelerator] d:\program files\ppstream\ppsap.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\~~awu~~\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wl630u~1.lnk - c:\program files\aztech systems ltd\wl630usb wireless b+g utility\ZDWlan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
IE: &Search
IE: 使用迅雷下载 - d:\program files\thunder network\thunder\program\geturl.htm
IE: 使用迅雷下载全部链接 - d:\program files\thunder network\thunder\program\getallurl.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\program files\thunder network\thunder\Thunder.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\~~awu~~\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: fakku.net\www
Trusted Zone: xuite.net\webhd
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://games.bigfishgames.com/en_ricochetlostworlds/online/ReflexiveWebGameLoader.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/1101/aliedit.cab
DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://zone.msn.com/bingame/rock/default/popcaploader1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://static.slide.com/uploader/SlideImageUploader.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {F58E877C-4F14-4805-B2D2-EB48927C7580} - hxxp://dist.cdnetworks.co.jp/cdndist/streamport/SPort.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-10-7 226832]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 sw848b;sw848b;c:\windows\system32\drivers\sw848b.sys [2007-7-30 29760]
R2 sw878b;sw878b;c:\windows\system32\drivers\sw878b.sys [2007-7-30 10148]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 208616]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S2 riserver;riserver;c:\windows\system32\SVCHOST.EXE -k riserver [2004-8-4 14336]
S2 tbqphdzy;Driver Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
S4 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\encrfil.sys --> c:\windows\system32\drivers\ENCRFIL.SYS [?]
S4 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\slwfil.sys --> c:\windows\system32\drivers\SLWFIL.SYS [?]

=============== Created Last 30 ================

2009-10-08 16:27 <DIR> --d----- c:\docume~1\~~awu~~\applic~1\Malwarebytes
2009-10-08 16:27 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 16:27 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-08 16:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-08 16:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-08 16:21 <DIR> --d----- c:\program files\Trend Micro
2009-10-08 16:17 <DIR> --d----- c:\program files\FixPolicies
2009-10-07 22:32 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-10-07 22:32 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-10-07 22:31 3,885,088 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-07 22:31 532,512 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-10-07 22:31 34,576 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-07 22:31 6,044 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-10-07 22:31 <DIR> --d----- c:\program files\Kaspersky Lab
2009-10-07 22:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-10-01 23:44 4,904 a------- c:\windows\system32\PerfStringBackup.TMP
2009-09-29 22:11 <DIR> --d----- c:\docume~1\~~awu~~\applic~1\Logitech
2009-09-29 22:11 <DIR> --d----- c:\docume~1\~~awu~~\applic~1\Leadertech
2009-09-29 22:08 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-09-29 22:08 170,512 a------- c:\windows\system32\kemutb.dll
2009-09-29 22:08 145,936 a------- c:\windows\system32\KemUtil.dll
2009-09-29 22:08 117,264 a------- c:\windows\system32\KemWnd.dll
2009-09-29 22:08 84,496 a------- c:\windows\system32\KemXML.dll
2009-09-29 22:07 <DIR> --d----- c:\docume~1\~~awu~~\applic~1\InstallShield
2009-09-29 22:03 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-09-29 22:03 21,504 a------- c:\windows\system32\hidserv.dll
2009-09-29 22:03 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-09-29 22:03 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-09-29 22:03 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-09-29 22:03 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-25 21:07 <DIR> --d----- c:\docume~1\~~awu~~\applic~1\ESET
2009-09-20 20:49 <DIR> --d----- c:\program files\Aztech Systems Ltd
2009-09-20 20:42 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-20 07:59 <DIR> --d----- c:\docume~1\~~awu~~\applic~1\SUPERAntiSpyware.com
2009-09-19 22:26 <DIR> --d----- c:\program files\SopCast
2009-09-19 06:50 15,204,352 a------- c:\documents and settings\~~awu~~\ntuser.dat
2009-09-11 00:26 <DIR> --dshr-- C:\Recycled
2009-09-11 00:26 27 ---shr-- C:\autorun.inf

==================== Find3M ====================

2009-10-10 22:01 11,218 a------- c:\windows\system32\cid_store.dat
2009-10-07 23:48 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-09-29 22:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-29 22:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-29 22:09 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-06 16:21 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-09-06 16:07 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-09-05 22:53 720,896 a------- c:\windows\iun6002.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-20 20:52 47,104 a------- c:\windows\system32\KMVIDC32.DLL
2008-09-02 08:33 610,304 a------- c:\documents and settings\~~awu~~\TCPOptimizer.exe
2005-06-03 20:01 293,376 a--shr-- c:\windows\info\plugin.dat
2008-11-10 19:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 22:06:40.92 ===============

The attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date:
System Uptime: 10/10/2009 10:21:24 AM (12 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5PL2
Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 3010/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 38 GiB total, 19.093 GiB free.
D: is FIXED (NTFS) - 38 GiB total, 10.018 GiB free.
E: is FIXED (NTFS) - 39 GiB total, 15.309 GiB free.
F: is FIXED (NTFS) - 34 GiB total, 20.871 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&CF81C54&0&08F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\4&CF81C54&0&08F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&CF81C54&0&09F0
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\4&CF81C54&0&09F0
Service:

==== System Restore Points ===================

RP1: 10/6/2009 2:27:59 PM - System Checkpoint
RP2: 10/7/2009 3:06:18 PM - System Checkpoint
RP3: 10/7/2009 10:31:01 PM - Installed Kaspersky Anti-Virus 2009.
RP4: 10/10/2009 7:02:16 PM - System Checkpoint

==== Installed Programs ======================


3DVIA player 4.1
7-Zip 4.42
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.6
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
ATI Display Driver
AusLogics Disk Defrag
BBE Sonic Maximizer Plugin
Bluesoleil2.6.0.8 Release 070517
CCleaner (remove only)
CDCheck
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Cool Edit Pro 2.1
Critical Update for Windows Media Player 11 (KB959772)
Doraemon
DVD Decrypter (Remove Only)
Easy Image Converter
erLT
Fonts Installation
Form Fill (Windows Live Toolbar)
Free WMA to MP3 Converter 1.16
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
Freez FLV to MP3 Converter
GOM Player
Google Gears
Google Toolbar for Internet Explorer
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IE7Pro
IHMC CmapTools v4.18
Java™ 6 Update 15
K-Lite Mega Codec Pack 4.1.7
Kaspersky Anti-Virus 2009
KhalInstallWrapper
Korean Fonts Support For Adobe Reader 8
LHDN Borang eCP39
Logitech SetPoint
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CHS
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Application Compatibility Database
mIRC
MKPP v3.02
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB927977)
Musicnotes Player V1.23.2 and Viewer
Nero 7 Ultra Edition
OGA Notifier 1.7.0105.35.0
OneCare Advisor (Windows Live Toolbar)
PDF Settings
Photo Story 3 for Windows
Pico2000
Popup Blocker (Windows Live Toolbar)
Power AMR MP3 WAV WMA M4A AC3 Audio Converter 1.6
PowerDVD
PPS网络电视 V2.6.86.8898 正式版
QuickTime
Real Alternative 1.9.0
Samsung ML-1740 Series
ScrCapture
Search Settings
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Segoe UI
Smart Menus (Windows Live Toolbar)
SopCast 3.2.4
SoundMAX
Tabbed Browsing (Windows Live Toolbar)
The KMPlayer (remove only)
Tweak UI
Ultrafunk Sonitus:fx plug-ins 2.0b
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Snooper v2.14.02
VideoCAM Eye
Waves Native Gold Bundle v3.01
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
WinZip
WL630USB Wireless B/G USB Adapter
WordWeb
Worms2
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! 导航条
YAMAHA Digital Music Notebook
千千静听 5.2Beta
迅雷5

==== End Of File ===========================

The RootRepeal log
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/10 22:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7292000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED886000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A3B000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP0724
Image Path: \Driver\PCI_PNP0724
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9D2F000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sphn.sys
Image Path: sphn.sys
Address: 0xF738D000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\~~AWU~~\Local Settings\Application Data\Microsoft\Messenger\siqi_lee_sp@hotmail.com\SharingMetadata\liuhaoyuyj@hotmail.com\DFSR\Staging\CS{2E7C17E9-8787-648B-BBBD-F90DF9DFAF84}\12\12-{A5~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\~~AWU~~\Local Settings\Application Data\Microsoft\Messenger\siqi_lee_sp@hotmail.com\SharingMetadata\meipeng_88@hotmail.com\DFSR\Staging\CS{1D3ACE64-5159-9845-8A92-387C3BDB4E44}\60\60-{B86EB25F-AF88-479C-9AC3-52B04E1E4A0E}-v60-{B86EB25F-AF88-479C-9AC3-52B04E1E4A0E}-v60-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\~~AWU~~\Local Settings\Application Data\Microsoft\Messenger\siqi_lee_sp@hotmail.com\SharingMetadata\meipeng_88@hotmail.com\DFSR\Staging\CS{1D3ACE64-5159-9845-8A92-387C3BDB4E44}\61\425-{B~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\~~AWU~~\Local Settings\Application Data\Microsoft\Messenger\siqi_lee_s

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa1da

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa7ae

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbac1ea

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbabb9c

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba9950

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "vax347b.sys" at address 0xf732fc70

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbadb7c

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa5ae

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba9d92

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba9f92

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbabeac

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbae084

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa0a8

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa110

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbabd5e

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbad620

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbab9f8

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba9ab2

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa3b2

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbadba6

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa2fe

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa178

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba9e7c

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba9c5a

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbad888

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba95d2

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaca74

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba9734

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbadf56

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba93d0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbac08c

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa6ac

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbad71a

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbadbd0

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "vax347b.sys" at address 0xf733b450

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedba9b08

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbadcb4

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbadde0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbad54c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa47e

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaa4f0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86fb71f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x850165a8 Size: 11

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x84ddb1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x86acda20 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86b2cae0 Size: 99

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CREATE]
Process: System Address: 0x86fb91f8 Size: 121

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CLOSE]
Process: System Address: 0x86fb91f8 Size: 121

Object: Hidden Code [Driver: imagedrv, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fb91f8 Size: 121

Object: Hidden Code [Driver: imagedrv, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fb91f8 Size: 121

Object: Hidden Code [Driver: imagedrv, IRP_MJ_POWER]
Process: System Address: 0x86fb91f8 Size: 121

Object: Hidden Code [Driver: imagedrv, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fb91f8 Size: 121

Object: Hidden Code [Driver: imagedrv, IRP_MJ_PNP]
Process: System Address: 0x86fb91f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x86f701f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x868e9500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x868e9500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x868e9500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x868e9500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x868e9500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x868e9500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x868e9500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86fbb1f8 Size: 121

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLOSE]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_READ]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_WRITE]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_EA]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLEANUP]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_POWER]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_PNP]
Process: System Address: 0x86f939d0 Size: 99

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8606c1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8606c1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8606c1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8606c1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8606c1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8606c1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x868e6500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x868e6500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x868e6500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x868e6500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x868e6500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x868e6500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x868e6500 Size: 121

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_CREATE]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_CLOSE]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_READ]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_WRITE]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_QUERY_EA]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_SET_EA]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_SHUTDOWN]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_CLEANUP]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_SET_SECURITY]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_POWER]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_SET_QUOTA]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: ap89yr8f؅ఉ䱋桳歶!D, IRP_MJ_PNP]
Process: System Address: 0x869fbc48 Size: 99

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x86a26348 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x868f6648 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x869f32c8 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x860201f8 Size: 121

Object: Hidden Code [Driver: Npfs؅潉济瓨ň؂ఇ浍浓⨀蚺Ā, IRP_MJ_READ]
Process: System Address: 0x86caf600 Size: 11

Object: Hidden Code [Driver: Msfs؅瑎て؁ః瑎て, IRP_MJ_READ]
Process: System Address: 0x86d0d9d8 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x869e6600 Size: 11

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_CREATE]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_CLOSE]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_READ]
Process: System Address: 0x868e5260 Size: 11

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_SHUTDOWN]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_CLEANUP]
Process: System Address: 0x860181f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅ瑎獆ࠁఅ瑎獆, IRP_MJ_PNP]
Process: System Address: 0x860181f8 Size: 121

Hidden Services
-------------------
Service Name: tbqphdzy
Image Path: %SystemRoot%\system32\svchost.exe -k netsvcs

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbab938

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbab998

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbab9c8

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbab968

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbaae28

#: 323 Function Name: NtUserCallOneParam
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbabff8

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xedbab106

#: 383 Fu==EOF==

i would appreciate any help(: , thx



#2 siqilee

siqilee
  • Topic Starter

  • Members
  • 5 posts
  • Local time:02:24 AM

Posted 11 October 2009 - 10:05 AM

somebody mind helping?D:~i think i did the right thing this time already><

Hello siqilee,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 12 October 2009 - 05:58 PM.


#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:24 PM

Posted 25 October 2009 - 12:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:24 PM

Posted 30 October 2009 - 04:28 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



