Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32 pacex and onlinegames virus help


  • Please log in to reply

#1
boringoo00

boringoo00

    New Member

  • Member
  • Pip
  • 8 posts
my computer infected by win32 pacex and some other virus.nod32 keep popping out warning message but is unable to remove the virus.can someone help me to remove this virus.thx in advance.
this is my hijackThis log,pls hav a look.thx :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 11:24:54, on 2008/8/22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\WINDOWS\system32\notepad.exe

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 設為 Messenger Live 頭像 - \SetMSNDP.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206207024207
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7580 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello boringoo00

Welcome to G2Go. :)
=====================
If the scan does not fit you can upload it here and attach it.


Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
      Rootkit Search -Yes
      Drivers -Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.
  • 0

#3
boringoo00

boringoo00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
thx for ur help.i hav download the otscanit and when i extract it.nod32 detect it as virus so i disable nod32 and run the test as requested.
the below is the log file.pls hav a look thx

[code=auto:0]
OTScanIt logfile created on: 2008/8/23 上午 12:24:28
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Downloads\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000404 | Country: Taiwan | Language: CHT | Date Format: yyyy/M/d

446.41 Mb Total Physical Memory | 109.69 Mb Available Physical Memory | 24.57% Memory free
1.03 Gb Paging File | 0.69 Gb Available in Paging File | 66.81% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 48.91 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JIE
Current User Name: Jie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ekrn.exe -> %ProgramFiles%\ESET\ESET Smart Security\ekrn.exe -> ESET [Ver = 3.0.650 | Size = 472320 bytes | Modified Date = 2008/3/13 下午 04:49:56 | Attr = ]
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 2006/7/13 下午 04:59:32 | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 2007/10/4 下午 05:14:00 | Attr = ]
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 131131 bytes | Modified Date = 2006/7/13 下午 04:59:48 | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.8.2 | Size = 16860672 bytes | Modified Date = 2007/12/20 下午 04:47:36 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 2005/5/11 下午 11:12:54 | Attr = ]
egui.exe -> %ProgramFiles%\ESET\ESET Smart Security\egui.exe -> ESET [Ver = 3.0.650 | Size = 1443072 bytes | Modified Date = 2008/3/13 下午 04:48:30 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 2008/5/28 下午 05:57:06 | Attr = ]
emule.exe -> %ProgramFiles%\eMule\emule.exe -> http://www.emule-project.net [Ver = 0.48.0.80627 Unicode | Size = 5256752 bytes | Modified Date = 2008/6/27 下午 03:28:24 | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005/5/11 下午 11:23:26 | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 2005/5/12 上午 12:40:38 | Attr = ]
hprblog.exe -> %ProgramFiles%\HP\Digital Imaging\Product Assistant\bin\hprblog.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 77824 bytes | Modified Date = 2005/5/11 下午 11:16:22 | Attr = ]
teamviewer.exe -> %ProgramFiles%\TeamViewer3\TeamViewer.exe -> TeamViewer GmbH [Ver = 3.5.4140.0 | Size = 2731304 bytes | Modified Date = 2008/3/12 下午 05:02:12 | Attr = ]
otscanit.exe -> %SystemDrive%\Downloads\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 2008/7/12 上午 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004/8/4 上午 06:56:50 | Attr = ]
(EhttpSrv) Eset HTTP Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ESET\ESET Smart Security\EHttpSrv.exe -> ESET [Ver = 3.0.650 | Size = 19200 bytes | Modified Date = 2008/3/13 下午 04:55:26 | Attr = ]
(ekrn) Eset Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\ESET Smart Security\ekrn.exe -> ESET [Ver = 3.0.650 | Size = 472320 bytes | Modified Date = 2008/3/13 下午 04:49:56 | Attr = ]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Stopped] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2006/4/3 下午 06:04:02 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005/4/4 上午 12:41:10 | Attr = ]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 131131 bytes | Modified Date = 2006/7/13 下午 04:59:48 | Attr = ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 2006/7/13 下午 04:59:32 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 2007/10/4 下午 05:14:00 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 2004/9/29 下午 12:14:36 | Attr = ]

[Driver Services - Non-Microsoft Only]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004/8/4 上午 05:07:18 | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004/8/4 上午 05:07:18 | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2001/8/23 下午 07:00:00 | Attr = ]
(EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EagleNT.sys -> File not found
(eamon) eamon [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\eamon.sys -> ESET [Ver = 3.0.650 | Size = 40456 bytes | Modified Date = 2008/3/13 下午 04:43:42 | Attr = ]
(easdrv) easdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\easdrv.sys -> ESET [Ver = 3.0.650 | Size = 29704 bytes | Modified Date = 2008/3/13 下午 04:44:36 | Attr = ]
(epfw) epfw [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\epfw.sys -> ESET [Ver = 3.0.650 | Size = 71176 bytes | Modified Date = 2008/3/13 下午 04:52:12 | Attr = ]
(Epfwndis) Eset Personal Firewall [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\epfwndis.sys -> ESET [Ver = 3.0.650 | Size = 30728 bytes | Modified Date = 2008/3/13 下午 04:52:16 | Attr = ]
(epfwtdi) epfwtdi [Kernel | System | Running] -> %SystemRoot%\system32\drivers\epfwtdi.sys -> ESET [Ver = 3.0.650 | Size = 54280 bytes | Modified Date = 2008/3/13 下午 04:52:16 | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 2005/1/7 下午 05:07:18 | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 2005/3/8 下午 12:43:25 | Attr = R ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 2005/3/8 下午 12:43:26 | Attr = R ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 2005/3/8 下午 12:43:27 | Attr = R ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.0.5532 built by: WinDDK | Size = 4637696 bytes | Modified Date = 2007/12/20 下午 06:00:06 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 6854464 bytes | Modified Date = 2007/10/4 下午 05:14:00 | Attr = ]
(nvata) nvata [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvata.sys -> NVIDIA Corporation [Ver = 5.10.2600.0686 built by: WinDDK | Size = 105344 bytes | Modified Date = 2006/8/14 下午 01:51:28 | Attr = ]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.06521 | Size = 57856 bytes | Modified Date = 2006/7/11 下午 08:38:28 | Attr = ]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.03.06521 | Size = 20480 bytes | Modified Date = 2006/7/11 下午 08:38:30 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2001/8/23 下午 07:00:00 | Attr = ]
(RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RMSPPPOE.SYS -> Robert Schlabbach [Ver = 0.98.0720.0 | Size = 31504 bytes | Modified Date = 2002/10/3 上午 12:09:08 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007/11/13 下午 06:25:53 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2008/1/11 下午 10:16:38 | Attr = ]
Alcmtr -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 2005/5/3 下午 06:43:28 | Attr = ]
egui -> %ProgramFiles%\ESET\ESET Smart Security\egui.exe ["C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice] -> ESET [Ver = 3.0.650 | Size = 1443072 bytes | Modified Date = 2008/3/13 下午 04:48:30 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 2005/5/11 下午 11:12:54 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 8491008 bytes | Modified Date = 2007/10/4 下午 05:14:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 81920 bytes | Modified Date = 2007/10/4 下午 05:14:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1626112 bytes | Modified Date = 2007/10/4 下午 05:14:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.0.3 | Size = 155648 bytes | Modified Date = 2008/5/28 下午 05:57:06 | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.1.8.2 | Size = 16860672 bytes | Modified Date = 2007/12/20 下午 04:47:36 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AdobeUpdater -> %CommonProgramFiles%\Adobe\Updater5\AdobeUpdater.exe [C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe] -> Adobe Systems Incorporated [Ver = 5, 1, 0, 1082 | Size = 2321600 bytes | Modified Date = 2007/3/1 上午 10:37:52 | Attr = R ]
eMuleAutoStart -> %ProgramFiles%\eMule\emule.exe [C:\Program Files\eMule\emule.exe -AutoStart] -> http://www.emule-project.net [Ver = 0.48.0.80627 Unicode | Size = 5256752 bytes | Modified Date = 2008/6/27 下午 03:28:24 | Attr = ]
kamsoft -> %SystemRoot%\system32\ckvo.exe [C:\WINDOWS\system32\ckvo.exe] -> [Ver = | Size = 87215 bytes | Modified Date = 2008/8/2 下午 01:13:00 | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005/5/11 下午 11:23:26 | Attr = ]
< Jie Startup Folder > -> C:\Documents and Settings\Jie\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 2007/6/13 下午 06:23:07 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 2004/8/4 上午 06:56:58 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 2004/8/4 上午 06:56:52 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 2007/10/26 上午 11:34:01 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 2004/8/4 上午 06:56:58 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004/8/4 上午 04:59:54 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomASUS_DVD-E616A3T________________________CP09\4&ac26b09&0&1.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2008/3/22 下午 11:56:41 | Attr = ]
autorun.inf [;k3e0ZAaJs252wjrrwa4408rIOssk | [AutoRun] | ;3aww551ejArKwi3wDASia1ld4o2aq92qLKALiKiK28ppkddZk4sJawdda94loSq7icilaJA4fokew00
erqIeF4jjj3 | open=e.com | ;65LsaKDd4Ikii2lSe0KApkwi50odosrlo4dai2raDKAlOs3lLirawp7qpsfAZw4l7sq1a8r | shell\open\Command=e.com | ;eaak3s6o48kkiri3KS5sqefkjodo4dfKsea2wijKifZ34lLkipwawlrSwwA2ldK4DqjA2es5oj | shell\open\Default=1 | ;oaJSiaJoia46pwisd3KAlDqLkfa3mfD3K345f3Dsr32d2q2OJilq2wSokrkS4aqc94De04jKjo04j2K
sqqL9H5Askk44LqdLa04ino | shell\explore\Command=e.com | ;woJsw7jail247Daw272q0L | ] -> %SystemDrive%\autorun.inf [ NTFS ] -> [Ver = | Size = 505 bytes | Modified Date = 2008/8/23 上午 12:24:09 | Attr = RHS]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/?wl=true ->
HKEY_CURRENT_USER\: URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Search Settings\kb127\SearchSettings.dll [SearchSettings Class] -> Vendio Services, Inc. [Ver = 1, 2, 0, 6 | Size = 1107296 bytes | Modified Date = 2008/4/16 下午 05:56:22 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{000123B4-9B42-4900-B3F7-F4B073EFC214} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Orbitdownloader\orbitcth.dll [Octh Class] -> Orbitdownloader.com [Ver = 2, 4, 0, 1 | Size = 187512 bytes | Modified Date = 2008/3/20 下午 03:13:02 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006/10/22 下午 11:08:42 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Search Settings\kb127\SearchSettings.dll [SearchSettings Class] -> Vendio Services, Inc. [Ver = 1, 2, 0, 6 | Size = 1107296 bytes | Modified Date = 2008/4/16 下午 05:56:22 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Download by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/7/13 下午 05:23:42 | Attr = ]
&Grab video by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/7/13 下午 05:23:42 | Attr = ]
Do&wnload selected by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/7/13 下午 05:23:42 | Attr = ]
Down&load all by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 2007/7/13 下午 05:23:42 | Attr = ]
設為 Messenger Live 頭像 -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{E7F42CE4-658E-4249-9C62-4AB598D68B3D} -> (NVIDIA nForce Networking Controller) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.mi...b?1206207024207[WUWebControl Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.m...ash/swflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004/8/4 上午 06:56:44 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005/6/16 上午 01:49:30 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004/8/4 上午 06:56:44 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007/4/25 下午 10:21:15 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006/3/24 下午 12:37:50 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1112 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004/8/4 上午 06:56:46 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004/8/4 上午 06:56:46 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 61 86 C5 D4 00 37 30 77 FB 76 32 CC 7B 80 02 F2 66 33 37 61 66 61 64 39 00 FD 07 00 18 40 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 1C 80 B9 71 F2 0F 7A 96 72 5B 4B F3 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 69 DF 7A 00 FF 2D B5 6F 80 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> DD 92 F6 37 C2 9C [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2001/8/23 下午 07:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> E1 B5 A1 EB 14 7D 32 DD 8E 74 F5 8B D8 78 27 BB [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 66 50 6F 5B 41 8C C8 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 5E 94 25 AD 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 5E 94 25 AD 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 5E 94 25 AD 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004/8/4 上午 06:56:58 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 4380 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004/8/4 上午 06:56:44 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004/8/4 上午 06:56:58 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006/10/10 下午 08:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007/10/18 上午 11:34:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007/10/2 下午 05:18:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004/8/4 上午 06:56:58 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2006/4/3 下午 06:04:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 12844576 bytes | Modified Date = 2008/5/21 上午 04:37:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 340856 bytes | Modified Date = 2007/8/29 上午 12:23:36 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 1022840 bytes | Modified Date = 2007/8/28 下午 11:43:30 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006/10/10 下午 08:44:50 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitdm.exe -> %ProgramFiles%\Orbitdownloader\orbitdm.exe [C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit] -> Orbitdownloader.com [Ver = 2, 6, 0, 4 | Size = 1678536 bytes | Modified Date = 2008/3/20 下午 03:13:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitnet.exe -> %ProgramFiles%\Orbitdownloader\orbitnet.exe [C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit] -> Orbitdownloader.com [Ver = 2, 6, 0, 4 | Size = 356352 bytes | Modified Date = 2008/3/18 下午 03:34:14 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007/10/18 上午 11:34:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007/10/2 下午 05:18:24 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedA
  • 0

#4
boringoo00

boringoo00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero\(u6b\acWS]
"Order"=hex:08,00,00,00,02,00,00,00,04,05,00,00,01,00,00,00,08,00,00,00,aa,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\hQ\xe15c]
"??T\x80\x93de???"=dword:00000001
"???eQ???"=dword:00000001
"\20?n\x80c9:y??"=dword:00000001
"\26Y\1x\x80c9:y?"=dword:00000001
"\x6d84zz<h?"=dword:00000000
"IQ\ah????"=dword:00000001
"<SPACE>"=dword:00000001
"<ENTER>"=dword:00000000
"FC Input"=dword:00000000
"FC aid"=dword:00000000
"GB/GBK"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\\x59b4\xe15c]
"??T\x80\x93de???"=dword:00000001
"???eQ???"=dword:00000001
"\20?n\x80c9:y??"=dword:00000001
"\26Y\1x\x80c9:y?"=dword:00000001
"\x6d84zz<h?"=dword:00000000
"IQ\ah????"=dword:00000001
"<SPACE>"=dword:00000001
"<ENTER>"=dword:00000000
"FC Input"=dword:00000000
"FC aid"=dword:00000000
"GB/GBK"=dword:00000000
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13 165 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jie\Desktop\shoes\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jie\Desktop\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jie\Favorites\MSN.com.url:favicon 3638 bytes
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\23\1234-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1123-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1234-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\55\1172-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1055-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1172-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1560 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\55\1172-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1055-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1172-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\55\1253-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1155-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1253-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 152 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\00\1216-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1100-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1216-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\01\10-{786E39F8-522E-67BD-C0C9-617721A71550}-v1-{EE917807-EAD9-4232-8F6F-F2E3538FEFAD}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\01\1217-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1101-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1217-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 192 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\02\1218-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1102-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1218-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\03\1219-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1103-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1219-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 248 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\04\1220-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1104-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1220-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\05\1221-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1105-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1221-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 240 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\06\1222-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1106-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1222-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\07\1223-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1107-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1223-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 152 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\08\1224-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1108-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1224-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\09\1225-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1109-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1225-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 152 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\10\1226-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1110-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1226-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\11\1227-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1111-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1227-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\12\1302-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1112-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1302-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\13\1303-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1113-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1303-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\14\1304-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1114-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1304-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\15\1305-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1115-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1305-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\16\1306-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1116-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1306-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\17\1228-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1117-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1228-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\18\1229-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1118-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1229-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\19\1230-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1119-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1230-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\20\1231-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1120-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1231-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\21\1232-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1121-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1232-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\22\1233-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1122-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1233-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 128 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\56\1173-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1056-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1173-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 984 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\56\1173-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1056-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1173-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\56\1254-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1156-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1254-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\57\1174-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1057-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1174-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1578 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\57\1174-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1057-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1174-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\57\1279-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1257-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1279-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1576 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\58\1175-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1058-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1175-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1002 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\58\1175-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1058-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1175-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\58\1280-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1258-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1280-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\59\1176-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1059-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1176-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1452 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\59\1176-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1059-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1176-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 160 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\59\1281-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1259-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1281-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2176 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\60\1177-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1060-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1177-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1074 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\60\1177-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1060-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1177-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\60\1282-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1260-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1282-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1608 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\61\1178-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1061-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1178-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1470 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\61\1178-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1061-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1178-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\61\1283-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1261-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1283-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1704 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\62\1179-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1062-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1179-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1074 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\62\1179-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1062-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1179-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\62\1284-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1262-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1284-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2024 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\63\1180-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1063-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1180-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1470 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\63\1180-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1063-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1180-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 152 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\63\1285-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1263-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1285-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2080 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\64\1181-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1064-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1181-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1038 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\64\1181-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1064-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1181-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\64\1286-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1264-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1286-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2280 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\65\1255-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1065-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1255-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 160 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\65\1287-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1265-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1287-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2032 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\66\1183-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1066-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1183-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1290 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\66\1183-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1066-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1183-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\66\1288-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1266-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1288-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 776 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\67\1184-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1067-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1184-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1650 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\67\1184-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1067-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1184-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 184 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\67\1289-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1267-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1289-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2216 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\68\1185-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1068-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1185-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1218 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\68\1185-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1068-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1185-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\68\1290-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1268-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1290-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\69\1186-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1069-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1186-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 184 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\69\1291-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1269-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1291-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2472 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\70\1187-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1070-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1187-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\70\1292-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1270-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1292-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2336 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\71\1188-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1071-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1188-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 184 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\71\1293-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1271-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1293-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2568 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\72\1189-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1072-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1189-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\72\1294-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1272-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1294-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2528 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\73\1190-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1073-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1190-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\73\1295-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1273-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1295-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2304 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\74\1191-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1074-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1191-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\74\1296-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1274-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1296-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2016 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\75\1192-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1075-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1192-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 144 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\75\1297-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1275-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1297-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 17544 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\75\1297-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1275-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1297-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1944 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\76\1256-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1076-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1256-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\76\1298-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1276-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1298-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 1952 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\77\1299-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1277-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1299-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 39252 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\77\1299-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1277-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1299-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4848 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\77\1301-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1077-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1301-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 160 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\78\11-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1278-{EE917807-EAD9-4232-8F6F-F2E3538FEFAD}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 25878 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\78\11-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1278-{EE917807-EAD9-4232-8F6F-F2E3538FEFAD}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1884 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\78\11-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1278-{EE917807-EAD9-4232-8F6F-F2E3538FEFAD}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3320 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\78\1194-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1078-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1194-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\79\1195-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1079-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1195-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 160 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\80\1196-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1080-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1196-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\81\1197-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1081-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1197-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 152 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\82\1198-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1082-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1198-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\83\1199-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1083-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1199-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\84\1200-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1084-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1200-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\85\1201-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1085-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1201-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 128 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\86\1202-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1086-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1202-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\87\1203-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1087-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1203-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\88\1204-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1088-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1204-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\89\1205-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1089-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1205-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 160 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\90\1206-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1090-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1206-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\91\1207-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1091-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1207-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 248 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\92\1208-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1092-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1208-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\93\1209-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1093-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1209-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 240 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\94\1210-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1094-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1210-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\95\1211-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1095-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1211-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 248 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\96\1212-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1096-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1212-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\97\1213-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1097-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1213-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 232 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\98\1214-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1098-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1214-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\99\1215-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1099-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1215-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 160 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\24\1235-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1124-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1235-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\25\1307-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1125-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1307-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\26\1308-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1126-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1308-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\27\1309-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1127-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1309-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 176 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\28\1310-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1128-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1310-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\29\1311-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1129-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1311-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\30\1312-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1130-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1312-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\31\1313-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1131-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1313-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 184 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\32\1238-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1132-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1238-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\33\1239-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1133-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1239-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\34\1240-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1134-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1240-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 72 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\35\1241-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1135-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1241-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\36\1314-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1136-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1314-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 120 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\37\1315-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1137-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1315-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 168 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\38\1045-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1038-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1045-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1128 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\38\1045-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1038-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1045-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 128 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\38\1316-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1138-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1316-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 112 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\39\1157-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1039-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1157-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 840 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\39\1157-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1039-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1157-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\39\1317-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1139-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1317-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 136 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\40\1158-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1040-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1158-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 1200 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\40\1158-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1040-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1158-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 128 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\40\1318-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1140-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1318-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 104 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\41\1159-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1041-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1159-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 876 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F8-522E-67BD-C0C9-617721A71550}\41\1159-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1041-{0C9F2FE8-48BB-468E-93FB-22072988D80E}-v1159-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 96 bytes hidden from API
C:\Documents and Settings\Jie\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{786E39F
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi some was cut off I will need you to attach it.
To do that in your next reply click on the Browse button and then go to the OTscan it log that you saved.
Then click on Upload.
Then click the dropdown that says Manage current attachments.
Then insert image into text editor.

Thanks.
  • 0

#6
boringoo00

boringoo00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Attached File  OTScanIt.Txt   406.89KB   153 downloads
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#8
boringoo00

boringoo00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
thanks~


Malwarebytes' Anti-Malware 1.25
Database version: 1076
Windows 5.1.2600 Service Pack 2

上午 01:42:14 2008/8/23
mbam-log-08-23-2008 (01-42-14).txt

Scan type: Quick Scan
Objects scanned: 43177
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note if you cannot open the log it produces then right click on it and choose rename.
Rename it to .txt and you will be able to open it)

  • 0

#10
boringoo00

boringoo00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ckvo0.dll;C:\WINDOWS\system32;Trojan.Nsanti.Packed;¤w§R°£¡C;
ckvo1.dll;C:\WINDOWS\system32;Trojan.Nsanti.Packed;¤w§R°£¡C;
e.com;C:\;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0173420.exe;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP174;Trojan.DownLoad.336;¤w§R°£¡C;
A0174662.exe;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP177;Trojan.DownLoad.336;¤w§R°£¡C;
A0185343.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP188;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185347.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP188;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185370.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP189;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185393.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP189;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185394.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP189;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185397.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP190;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185411.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP190;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185415.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP190;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185434.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP190;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185436.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP190;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185437.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP191;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185439.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP191;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185482.exe;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP191;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185513.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP191;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185515.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP191;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185522.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP191;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185523.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP191;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185527.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP192;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185531.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP192;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185572.exe;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP192;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185603.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP192;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185604.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP192;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185605.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP193;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185606.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP193;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185650.exe;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP193;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185681.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP193;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185682.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP193;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185683.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP194;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185684.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP194;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185728.exe;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP194;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185759.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP194;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185760.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP194;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185767.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP195;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185774.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP195;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185794.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP195;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185807.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP196;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185830.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP196;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185835.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP196;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185876.exe;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP197;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185930.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP197;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185931.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP197;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185937.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP198;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185972.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP198;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185973.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP198;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0185976.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP199;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0186006.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP199;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0186007.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP199;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0186018.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0186025.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0186026.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0186074.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0186076.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0187074.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0187076.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188074.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188075.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188080.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188081.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188098.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188099.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP200;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188103.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP201;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188131.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP201;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188135.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP201;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0188148.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP202;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189131.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP202;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189132.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP202;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189145.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP202;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189146.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP202;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189189.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP202;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189190.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP202;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189195.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP203;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189207.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP203;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189211.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP203;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189213.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP204;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189397.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP205;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0189398.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP205;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0190382.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP205;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0190383.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP205;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0190401.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP205;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0190402.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP205;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0191401.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP205;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0191402.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP205;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0191422.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0191444.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0191446.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0192444.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0192446.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0192470.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0192475.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193473.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193475.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP206;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193483.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP207;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193510.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP207;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193512.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP207;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193523.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP208;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193554.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP208;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193559.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP208;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193597.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP209;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193619.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP209;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193621.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP209;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193665.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP209;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193670.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP209;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193689.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP210;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193716.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP210;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193718.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP210;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193747.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP211;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193758.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP211;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193760.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP211;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0193780.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP212;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0194758.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP212;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0194761.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP212;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0195758.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP212;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0195813.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP212;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0195814.dll;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP212;Trojan.Nsanti.Packed;¤w§R°£¡C;
A0195815.com;C:\System Volume Information\_restore{203711C1-1352-4A32-9B30-84CE19572015}\RP212;Trojan.Nsanti.Packed;¤w§R°£¡C;
  • 0

#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#12
boringoo00

boringoo00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
thanks~a lot


KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 23, 2008 12:54:09
Records in database: 1133192
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 41257
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:17:34

No malware has been detected. The scan area is clean.
The selected area was scanned.
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good as a final check can you post a new Hijackthis log?
  • 0

#14
boringoo00

boringoo00

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
morning...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 08:05:03, on 2008/8/24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 2564 bytes
  • 0

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP