Netizen Posted September 25, 2010 ID:318581 Share Posted September 25, 2010 Here is my HijackThis logfileI really need help. When I click the some site(ex, Yahoo) from Google page the site direct to http://66.45.255.230/click.php?c=7b7771ff0...c50fa456a2a7f02 hereThanks~ Logfile of Trend Micro HijackThis v2.0.4Scan saved at ?? 7:02:19, on 2010-09-25Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\ZioFile\ExpressService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exec:\PROGRA~1\mcafee\SITEAD~1\McSACore.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\system32\npkcmsvc.exeC:\Program Files\QuickDownloadService\qdownagent.exeC:\Program Files\QuickDownloadService\qdownupdate.exeC:\Program Files\Trend Micro\Internet Security\SfCtlCom.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\conime.exeC:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\RayV\RayV\RayV.exeC:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exeC:\Program Files\Windows Desktop Search\WindowsSearch.exeC:\Program Files\Trend Micro\Internet Security\TmProxy.exeC:\Program Files\Trend Micro\BM\TMBMSRV.exeC:\Program Files\Microsoft Office\Office12\EXCEL.EXEC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\wuauclt.exeR3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: gsearch - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: ALToolBar BHO - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dllO3 - Toolbar: ALToolBar - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: ??! ?? - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNCO4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXEO4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S324.tmp" /EF "HKLM"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayO4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorunO4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /backgroundO4 - HKCU\..\Run: [secuWidgetRs.exe] C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')O9 - Extra button: ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dllO9 - Extra 'Tools' menuitem: ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dllO9 - Extra button: ????? ?? ?? - {0A07354E-A092-490f-9597-BA096721A26D} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: ??? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: Windows Live Writer? ???(& - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: ?? ????, 11?? - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmal...;tid=1000105205 (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - ESC Trusted Zone: http://*.update.microsoft.comO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cabO16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} (NowStarter2 Control) - http://sticube.clubbox.co.kr/sticubeupdate...NowStarter2.cabO16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} (INIwallet61 Control) - https://plugin.inicis.com/wallet61/INIwallet61.cabO16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} (OnDisk File Control) - http://ondisk.co.kr/setup/OnDiskWebControl.cabO16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://image.cjmall.com/initech/plugin/dow...2010/INIS60.cabO16 - DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} (Fdisk File Control 1) - http://www.fdisk.co.kr/mmsv/FdiskWebControl.CABO16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.net/XPayMPI/XPayMPIOCX.cabO16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} (GPKIInstallerX Class) - http://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cabO16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} (NetmarbleAutoUpdater Class) - http://download.netmarble.net/ActiveX/NMAu....1_20091109.cabO16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} (NCLoaderCtl Class) - https://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1256884841828O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} (BBSFileUpload Control) - http://imbbs.imbc.com/controls/BBSFileUpload.cabO16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - https://members.hangame.com/common/CKKeyProInst.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256985826281O16 - DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} (DWSocket Control) - http://www.nhis.co.kr/real/DWSocket_NH.cabO16 - DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} (PrivacyScannerXP Control) - http://143.248.182.120/applex_wdigm/active...cyScannerXP.cabO16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cabO16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} (WebStarter Control) - http://wo.tk.co.kr/webstarter/webstarter.cabO16 - DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} (OmlUMngClnt Class) - http://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cabO16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://gcc.nefficient.co.kr/gcc/vista/xecu.../xw_install.cabO16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} (NetmarbleSystemIDInfo Class) - http://download.netmarble.net/ActiveX/NMAu...nfo_1.0.0.1.cabO16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} (SpecAnalyzer Class) - http://cs.hangame.com/hangame/js/mail/HGReport.cabO16 - DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} (Zio File Control) - http://ziofile.com/setver/ZioFileControl.cabO16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://pann.nate.com/html/editor/CyPictureU.cab?20090430O16 - DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} (MainCtrl Class) - http://www.bomul.com/common/InnoFD/bomul_zdnet.cabO16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (V3D Client Control) - https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cabO16 - DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} (Beefile File Share Control 1) - http://beefile.com/mmsv/BeefileWebControl.CABO16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.net/kdefence/kdfense8237.cabO16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Sayclub Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cabO16 - DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} (FileUpload_Invil Control) - http://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cabO16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} (MakeShop Secure Control) - http://ssl.makeshop.co.kr/ssl/MSecure.cabO16 - DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} (KVPLoginCtl Control) - http://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cabO16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://id.hangame.com/common/HanSetup1030.cabO16 - DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} (AXServerFileX Control) - http://muhanfile.net/p2p/ActiveX/SeverFileX.ocxO16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} (SKCInst1 Class) - http://cyimg7.cyworld.com/cymusic/package/skcinst.cabO16 - DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} (MyPdpopAX Class) - http://218.55.98.92/appx/pdpopax.cabO16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://supdate.nprotect.net/nprotect2007/k...kcx_1004271.cabO16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprotect.net/nprotect2007/iprovest/npz2.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://plugin.inicis.com/banktown/wallet/p...tPmntClient.cabO16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cabO16 - DPF: {E92BD7ED-2045-4EFD-BB85-46444C9F738C} - https://dn2.realscan.co.kr/data/realscan/Re...an_Launcher.cabO16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - https://web.teledit.com/Sign/SKCommAX.cabO16 - DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} (MBCXeb Control) - http://toolbar.imbc.com/toolbar/setup/MBCXeb.cabO16 - DPF: {F67C8301-3928-4CAC-8914-16363551D293} (KbcWebDesk Control) - http://www.iprovest.com/wts/object/KbcWeb.cabO16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} (AxIPlusInstall) - http://i-plus.jssearch.net/ActiveX/IPlusInstall.cabO18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: ExpressService - ExpressService - C:\Program Files\ZioFile\ExpressService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exeO23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exeO23 - Service: QuickDownload Agent - Innogrid, Inc - C:\Program Files\QuickDownloadService\qdownagent.exeO23 - Service: QuickDownload Service - Innogrid, Inc - C:\Program Files\QuickDownloadService\qdownservice.exeO23 - Service: QuickDownload Update - Innogrid, Inc - C:\Program Files\QuickDownloadService\qdownupdate.exeO23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exeO23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exeO23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exeO23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe--End of file - 15659 bytes Link to post Share on other sites More sharing options...
kahdah Posted September 26, 2010 ID:318802 Share Posted September 26, 2010 Hello NetizenWelcome to Malwarebytes.=====================Download OTL to your desktop.Double click on OTL to run it.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Please download Rootkit Unhooker and save it to your desktop.Double-click RKUnhookerLE.exe to run it.Click the Report tab, then click ScanCheck Drivers, Stealth Code, Files, and Code HooksUncheck the rest, then click OKWhen prompted to Select Disks for Scan, make sure C:\ is checked and click OKWait till the scanner has finished then go File > Save ReportSave the report somewhere you can find it, typically your desktop. Click CloseCopy the entire contents of the report and paste it in your next reply.Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?" Link to post Share on other sites More sharing options...
Netizen Posted September 28, 2010 Author ID:319612 Share Posted September 28, 2010 I did what you told me to do..but data is enormousOTL logfile created on: 2010-09-27 ?? 7:25:28 - Run 2OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator.MAIN1\My DocumentsWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000412 | Country: ???? | Language: KOR | Date Format: yyyy-MM-dd1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 149.04 Gb Total Space | 55.03 Gb Free Space | 36.92% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedDrive J: | 14.31 Gb Total Space | 11.94 Gb Free Space | 83.44% Space Free | Partition Type: FAT32Computer Name: MAIN1Current User Name: AdministratorLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal========== Processes (SafeList) ==========PRC - C:\WINDOWS\system32\EE1FB72E.exe ()PRC - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe (OldTimer Tools)PRC - C:\Program Files\ZioFile\ExpressService.exe (ExpressService)PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)PRC - C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe (CREFREE Co., Ltd.)PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)PRC - C:\Program Files\RayV\RayV\RayV.exe (RayV)PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)PRC - C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)PRC - C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)========== Modules (SafeList) ==========MOD - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe (OldTimer Tools)MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)MOD - C:\WINDOWS\system32\IMKR12.IME (Microsoft Corporation)MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)========== Win32 Services (SafeList) ==========SRV - (EE1FB72E) -- C:\WINDOWS\system32\EE1FB72E.exe ()SRV - (ExpressService) -- C:\Program Files\ZioFile\ExpressService.exe (ExpressService)SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)SRV - (QuickDownload Service) -- C:\Program Files\QuickDownloadService\qdownservice.exe (Innogrid, Inc)SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (QuickDownload Agent) -- C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)SRV - (QuickDownload Update) -- C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)========== Driver Services (SafeList) ==========DRV - (TfSysMon) -- C:\WINDOWS\System32\drivers\TfSysMon.sys File not foundDRV - (TfNetMon) -- C:\WINDOWS\System32\drivers\TfNetMon.sys File not foundDRV - (TfFsMon) -- C:\WINDOWS\System32\drivers\TfFsMon.sys File not foundDRV - (scsk5) -- C:\WINDOWS\System32\drivers\scsk5.sys File not foundDRV - (neokdss) -- C:\WINDOWS\System32\Drivers\neokdss.sys File not foundDRV - (MEMSWEEP2) -- C:\WINDOWS\System32\45.tmp File not foundDRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)DRV - (NOWMEMDF) -- C:\WINDOWS\system32\nowmemdf.sys (©NOWCOM)DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sy@ (Microsoft Corporation)DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)========== Standard Registry (All) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kr.msn.com/?ocid=iehpIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = koIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 08 8B 24 1C 5D CB 01 [binary data]IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0O1 HOSTS File: ([2010-09-19 20:13:57 | 000,000,746 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 nProtect.ncsoft.co.krO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (?TV ???) - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (ALToolbarBho Class) - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)O3 - HKLM\..\Toolbar: (??! ??) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKCU\..\Toolbar\ShellBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (??(&L)) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)O4 - HKLM..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE (SEIKO EPSON CORPORATION)O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)O4 - HKCU..\Run: [secuWidgetRs.exe] C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe (CREFREE Co., Ltd.)O4 - HKLM..\RunOnce: [TSC] C:\Program Files\Trend Micro\Internet Security\tsc.exe (Trend Micro Inc.)O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\?? ??\????\??????\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1O9 - Extra Button: ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)O9 - Extra 'Tools' menuitem : ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)O9 - Extra Button: ????? ?? ?? - {0A07354E-A092-490f-9597-BA096721A26D} - Reg Error: Key error. File not foundO9 - Extra Button: ??? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Live Writer? ???(& - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra Button: ?? ????, 11?? - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - File not foundO9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubbox.co.kr/sticubeupdate...NowStarter2.cab (NowStarter2 Control)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} https://plugin.inicis.com/wallet61/INIwallet61.cab (INIwallet61 Control)O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://image.cjmall.com/initech/plugin/dow...2010/INIS60.cab (INISAFEWeb6 V6 Class)O16 - DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} http://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB (Fdisk File Control 1)O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab (XPayMPIOCX Control)O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} http://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab (GPKIInstallerX Class)O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} http://download.netmarble.net/ActiveX/NMAu....1_20091109.cab (NetmarbleAutoUpdater Class)O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} https://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab (NCLoaderCtl Class)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1256884841828 (WUWebControl Class)O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} http://imbbs.imbc.com/controls/BBSFileUpload.cab (BBSFileUpload Control)O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://members.hangame.com/common/CKKeyProInst.cab (XecureCKKB Class)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256985826281 (MUWebControl Class)O16 - DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} http://www.nhis.co.kr/real/DWSocket_NH.cab (DWSocket Control)O16 - DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} http://143.248.182.120/applex_wdigm/active...cyScannerXP.cab (PrivacyScannerXP Control)O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.com/Control/AutoPatchOCX.cab (AutoPatchOCX Control)O16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} http://wo.tk.co.kr/webstarter/webstarter.cab (WebStarter Control)O16 - DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} http://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab (OmlUMngClnt Class)O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://gcc.nefficient.co.kr/gcc/vista/xecu.../xw_install.cab (XecureWeb 4.0 Client Control)O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} http://download.netmarble.net/ActiveX/NMAu...nfo_1.0.0.1.cab (NetmarbleSystemIDInfo Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://cs.hangame.com/hangame/js/mail/HGReport.cab (SpecAnalyzer Class)O16 - DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} http://ziofile.com/setver/ZioFileControl.cab (Zio File Control)O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://pann.nate.com/html/editor/CyPictureU.cab?20090430 (CyImage Class)O16 - DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} http://www.bomul.com/common/InnoFD/bomul_zdnet.cab (MainCtrl Class)O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab (V3D Client Control)O16 - DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} http://beefile.com/mmsv/BeefileWebControl.CAB (Beefile File Share Control 1)O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} http://download.netmarble.net/kdefence/kdfense8237.cab (Kdfense8 Control)O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.com/sayclub/sayctl/sayax.cab (Sayclub Login Control)O16 - DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} http://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab (FileUpload_Invil Control)O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop.co.kr/ssl/MSecure.cab (MakeShop Secure Control)O16 - DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} http://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab (KVPLoginCtl Control)O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://id.hangame.com/common/HanSetup1030.cab (HanSetupCtrl1010 Class)O16 - DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} http://muhanfile.net/p2p/ActiveX/SeverFileX.ocx (AXServerFileX Control)O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworld.com/cymusic/package/skcinst.cab (SKCInst1 Class)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)O16 - DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} http://218.55.98.92/appx/pdpopax.cab (MyPdpopAX Class)O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://supdate.nprotect.net/nprotect2007/k...kcx_1004271.cab (NPKCX Control)O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} http://update.nprotect.net/nprotect2007/iprovest/npz2.cab (Npz Control)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} https://plugin.inicis.com/banktown/wallet/p...tPmntClient.cab (BtPmntClient Class)O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)O16 - DPF: {E92BD7ED-2045-4EFD-BB85-46444C9F738C} https://dn2.realscan.co.kr/data/realscan/Re...an_Launcher.cab (Reg Error: Key error.)O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} https://web.teledit.com/Sign/SKCommAX.cab (SKCommAX Control)O16 - DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} http://toolbar.imbc.com/toolbar/setup/MBCXeb.cab (MBCXeb Control)O16 - DPF: {F67C8301-3928-4CAC-8914-16363551D293} http://www.iprovest.com/wts/object/KbcWeb.cab (KbcWebDesk Control)O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} http://i-plus.jssearch.net/ActiveX/IPlusInstall.cab (AxIPlusInstall)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\??.bmpO24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\??.bmpO28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 0O32 - AutoRun File - [2009-05-03 12:22:31 | 000,000,037 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{281ad56c-63be-11df-8659-0013d30d777a}\Shell\AutoRun\command - "" = awp.comO33 - MountPoints2\{281ad56c-63be-11df-8659-0013d30d777a}\Shell\open\Command - "" = awp.comO33 - MountPoints2\{734e2bae-cea3-11de-855a-0013d30d777a}\Shell\AutoRun\command - "" = awp.comO33 - MountPoints2\{734e2bae-cea3-11de-855a-0013d30d777a}\Shell\open\Command - "" = awp.comO34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*NetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not found========== Files/Folders - Created Within 30 Days ==========[2010-09-27 18:22:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe[2010-09-25 22:06:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2010-09-25 21:40:30 | 001,253,712 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\wlsetup-web.exe[2010-09-25 19:52:24 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe[2010-09-25 19:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Windows-XP-WGA-Activation-Crack-reg-file[2010-09-25 19:40:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2010-09-25 19:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller[2010-09-25 19:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\GooredFix Backups[2010-09-25 19:36:30 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\GooredFix.exe[2010-09-25 15:36:18 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_37.dll[2010-09-25 15:36:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll[2010-09-25 15:36:18 | 000,681,472 | ---- | C] (KM-Software) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\msvcrt(DEBUG).dll[2010-09-25 15:36:18 | 000,329,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DXErr.exe[2010-09-25 15:36:18 | 000,209,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxcpl.exe[2010-09-25 15:36:18 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxgi.dll[2010-09-25 15:36:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmapi.dll[2010-09-25 15:36:17 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll[2010-09-25 15:36:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll[2010-09-25 15:36:16 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll[2010-09-25 15:36:16 | 001,162,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdllnew.dll[2010-09-25 15:36:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll[2010-09-25 15:36:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll[2010-09-25 15:36:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll[2010-09-25 15:36:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll[2010-09-25 15:36:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll[2010-09-25 15:36:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10.dll[2010-09-25 15:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final[2010-09-24 19:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Number Press[2010-09-24 18:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win[2010-09-20 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared[2010-09-20 15:51:48 | 004,413,883 | ---- | C] (isSoft ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\isposa.exe[2010-09-20 15:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPC[2010-09-19 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Demo_NumberPress_win[2010-09-19 20:32:17 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys[2010-09-19 20:32:16 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys[2010-09-19 20:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro[2010-09-19 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2010-09-19 19:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group[2010-09-19 19:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP[2010-09-19 19:53:37 | 000,661,808 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl[2010-09-19 19:53:34 | 001,322,680 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys[2010-09-19 19:53:34 | 000,230,928 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys[2010-09-19 19:53:34 | 000,089,872 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys[2010-09-19 19:53:34 | 000,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys[2010-09-19 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard[2010-09-19 16:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit[2010-09-19 16:48:32 | 037,781,272 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit.exe[2010-09-19 16:36:04 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2010-09-19 16:15:17 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe[2010-09-19 15:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Hijack Fix[2010-09-19 15:59:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe[2010-09-19 15:59:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE[2010-09-19 15:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DesktopHijackFix[2010-09-18 18:25:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.MAIN1\Recent[2010-09-18 18:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean[2010-09-18 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor[2010-09-18 16:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools[2010-09-18 16:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Downloads[2010-09-18 16:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GetRightToGo[2010-09-18 16:52:24 | 000,367,232 | ---- | C] (RegNow.com) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Download_7.0.0.538f-sdasetup-regnow201-AVP.exe[2010-09-18 16:36:05 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sy@[2010-09-18 16:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8[2010-09-18 16:22:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010-09-18 16:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010-09-18 16:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2010-09-18 16:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch[2010-09-18 16:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\PowerPad[2010-09-18 16:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPad[2010-09-18 16:01:40 | 007,247,857 | ---- | C] (Nathan Osman ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\PowerPad_1_3_0_0.exe[2010-09-18 15:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ezbsedemo[2010-09-18 15:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\PrintMergeNum[2010-09-18 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Numbering[2010-09-18 15:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Deployment[2010-09-18 15:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ezbdemo[2010-09-14 21:14:37 | 000,242,360 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\TeCtrl.dll[2010-09-14 21:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared[2010-09-13 16:38:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Banktown[2010-09-12 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\GPKISecureWeb[2010-09-10 18:08:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup.exe[2010-09-10 17:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos[2010-09-06 20:04:23 | 000,207,456 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe[2010-09-05 19:01:52 | 000,179,080 | ---- | C] (NKSolution) -- C:\WINDOWS\System32\uninst_everyclean.exe[2010-09-05 18:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Auto Styling Plugin[2010-09-05 18:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cloud-Web[2010-09-05 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb[2010-09-05 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin[2010-09-03 19:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Search[2010-09-03 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nate[2010-09-03 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\NATEON[2010-09-03 15:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\ClientKeeper[2010-09-03 15:10:13 | 000,039,944 | ---- | C] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS[2010-09-03 15:10:09 | 000,124,424 | R--- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe[2010-09-03 15:10:08 | 000,390,456 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\XecureCK.dll[2010-09-03 15:10:08 | 000,107,832 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKComObj.dll[2010-09-03 15:10:06 | 000,177,464 | ---- | C] (SoftForum Co. Ltd.) -- C:\WINDOWS\System32\CKApp.dll[2010-09-03 15:10:04 | 000,156,984 | ---- | C] (SoftForm Co. Ltd.) -- C:\WINDOWS\System32\Jrsoftcp.dll[2010-09-03 15:10:03 | 000,316,728 | ---- | C] (Softforum Co. Ltd.) -- C:\WINDOWS\System32\CKCrypto.dll[2010-08-31 17:25:22 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv9vcm.dll[2010-08-31 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ohmylove[2010-08-31 16:49:22 | 000,147,456 | ---- | C] ((?)???????) -- C:\WINDOWS\System32\kcp_ansimclick.dll[2010-08-30 20:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tcpip_optimize[2010-08-30 20:42:42 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ccsetup235.exe[2010-08-30 18:08:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup-1.46.exe[2010-08-29 18:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\ASITE[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010-09-27 19:39:26 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-09-27 18:22:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe[2010-09-27 18:13:56 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\RKUnhookerLE.EXE[2010-09-27 01:36:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job[2010-09-26 20:42:00 | 000,000,668 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0db54a977e38.job[2010-09-26 18:40:38 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Internet Explorer\Quick Launch\????.url[2010-09-26 18:40:38 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\????.url[2010-09-26 17:02:50 | 000,048,345 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf[2010-09-26 16:57:55 | 000,003,231 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3[2010-09-26 16:26:53 | 000,000,009 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3[2010-09-26 16:26:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath[2010-09-25 21:40:36 | 001,253,712 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\wlsetup-web.exe[2010-09-25 21:04:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010-09-25 21:04:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010-09-25 21:03:21 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Administrator.MAIN1\NTUSER.DAT[2010-09-25 21:03:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.MAIN1\ntuser.ini[2010-09-25 19:48:43 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010-09-25 19:37:16 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller.zip[2010-09-25 19:36:33 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\GooredFix.exe[2010-09-25 19:01:28 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\HiJackThis.lnk[2010-09-25 19:00:35 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\HiJackThis.msi[2010-09-25 18:59:36 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe[2010-09-25 18:59:33 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE[2010-09-25 18:06:55 | 004,807,904 | -H-- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\IconCache.db[2010-09-25 15:36:19 | 000,003,016 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat[2010-09-25 15:36:08 | 000,716,153 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe[2010-09-25 15:34:44 | 004,764,229 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final.zip[2010-09-25 09:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010-09-24 19:01:32 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3[2010-09-24 19:00:38 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Number Press.lnk[2010-09-24 18:50:55 | 013,085,859 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win.zip[2010-09-20 15:52:12 | 004,413,883 | ---- | M] (isSoft ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\isposa.exe[2010-09-19 20:18:57 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Trend Micro AntiVirus plus AntiSpyware.lnk[2010-09-19 20:13:57 | 000,000,746 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010-09-19 19:53:37 | 000,661,808 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl[2010-09-19 19:53:34 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys[2010-09-19 18:52:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-09-19 16:48:38 | 037,781,272 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit.exe[2010-09-19 16:15:32 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe[2010-09-18 21:20:43 | 004,719,523 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean.zip[2010-09-18 17:46:09 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Malwarebytes' Anti-Malware.lnk[2010-09-18 17:29:21 | 000,367,232 | ---- | M] (RegNow.com) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Download_7.0.0.538f-sdasetup-regnow201-AVP.exe[2010-09-18 16:03:37 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\powerpad.conf[2010-09-18 16:02:14 | 007,247,857 | ---- | M] (Nathan Osman ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\PowerPad_1_3_0_0.exe[2010-09-18 15:28:18 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\asentence.dat[2010-09-16 22:02:54 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\September 2010? ?? ??.lnk[2010-09-14 21:14:33 | 000,000,170 | ---- | M] () -- C:\WINDOWS\System32\npconf.md5[2010-09-14 21:02:47 | 000,000,310 | ---- | M] () -- C:\WINDOWS\System32\npzupdate.conf[2010-09-10 19:38:59 | 000,000,030 | ---- | M] () -- C:\Program Files\NOT[2010-09-10 18:34:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup.exe[2010-09-10 17:20:03 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sar_15_sfx.exe[2010-09-10 16:52:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\CCleaner.lnk[2010-09-10 16:52:20 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ccsetup235.exe[2010-09-08 07:18:00 | 000,021,884 | ---- | M] () -- C:\WINDOWS\System32\teexcept.dat[2010-09-06 21:32:01 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System32\p3downasx.asx[2010-09-06 20:04:23 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe[2010-09-05 19:01:57 | 000,179,080 | ---- | M] (NKSolution) -- C:\WINDOWS\System32\uninst_everyclean.exe[2010-09-04 19:51:09 | 000,000,106 | ---- | M] () -- C:\WINDOWS\msecure.ini[2010-09-04 15:52:25 | 000,126,048 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kcrtx86.sys[2010-09-04 15:52:25 | 000,017,160 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS[2010-09-04 15:52:24 | 000,039,944 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS[2010-09-03 17:20:51 | 000,001,413 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????.lnk[2010-09-03 15:10:09 | 000,124,424 | R--- | M] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe[2010-09-01 17:09:28 | 000,126,976 | ---- | M] () -- C:\WINDOWS\KbcWebDesk.ocx[2010-08-31 16:49:22 | 000,147,456 | ---- | M] ((?)???????) -- C:\WINDOWS\System32\kcp_ansimclick.dll[2010-08-30 20:55:49 | 000,047,452 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\cc_20100830_205544.reg[2010-08-30 20:44:02 | 000,371,777 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tcpip_optimize.zip[2010-08-30 18:08:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup-1.46.exe[2010-08-30 17:02:57 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DelDomains.inf[2010-08-29 17:12:46 | 000,908,624 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010-08-29 17:12:46 | 000,479,364 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010-08-29 17:12:46 | 000,279,968 | ---- | M] () -- C:\WINDOWS\System32\perfh012.dat[2010-08-29 17:12:46 | 000,086,234 | ---- | M] () -- C:\WINDOWS\System32\perfc012.dat[2010-08-29 17:12:46 | 000,079,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]========== Files Created - No Company Name ==========[2010-09-27 18:23:21 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\EE1FB72E.exe[2010-09-27 18:13:55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\RKUnhookerLE.EXE[2010-09-25 19:54:34 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job[2010-09-25 19:37:15 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller.zip[2010-09-25 19:01:03 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\HiJackThis.lnk[2010-09-25 19:00:27 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\HiJackThis.msi[2010-09-25 15:36:18 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg[2010-09-25 15:36:16 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll[2010-09-25 15:36:16 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll[2010-09-25 15:36:16 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll[2010-09-25 15:36:15 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll[2010-09-25 15:36:15 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe[2010-09-25 15:36:14 | 000,003,016 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat[2010-09-25 15:34:42 | 004,764,229 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final.zip[2010-09-24 19:01:32 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3[2010-09-24 19:00:38 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Number Press.lnk[2010-09-24 18:50:53 | 013,085,859 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win.zip[2010-09-20 15:52:38 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL[2010-09-19 21:22:48 | 000,048,345 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf[2010-09-19 21:15:31 | 000,003,231 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3[2010-09-19 21:03:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath[2010-09-19 21:03:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3[2010-09-19 20:18:57 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Trend Micro AntiVirus plus AntiSpyware.lnk[2010-09-19 02:16:56 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-09-18 18:05:04 | 004,719,523 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean.zip[2010-09-18 16:22:22 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Malwarebytes' Anti-Malware.lnk[2010-09-18 16:02:48 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\powerpad.conf[2010-09-16 22:02:54 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\September 2010? ?? ??.lnk[2010-09-14 21:14:37 | 000,021,884 | ---- | C] () -- C:\WINDOWS\System32\teexcept.dat[2010-09-14 21:03:01 | 000,000,170 | ---- | C] () -- C:\WINDOWS\System32\npconf.md5[2010-09-14 21:02:47 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\npzupdate.conf[2010-09-10 17:19:51 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sar_15_sfx.exe[2010-09-05 19:00:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\asentence.dat[2010-09-04 19:51:09 | 000,000,106 | ---- | C] () -- C:\WINDOWS\msecure.ini[2010-09-04 17:58:32 | 001,443,224 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1061.dll[2010-09-03 17:20:51 | 000,001,413 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????.lnk[2010-09-01 17:09:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\KbcWebDesk.ocx[2010-08-31 17:56:45 | 000,000,030 | ---- | C] () -- C:\Program Files\NOT[2010-08-30 20:55:46 | 000,047,452 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\cc_20100830_205544.reg[2010-08-30 20:44:02 | 000,371,777 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tcpip_optimize.zip[2010-08-30 20:43:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\CCleaner.lnk[2010-08-30 19:42:51 | 000,000,249 | ---- | C] () -- C:\WINDOWS\System32\p3downasx.asx[2010-08-30 17:02:56 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DelDomains.inf[2010-08-28 19:42:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\fusioncache.dat[2010-07-30 17:18:04 | 000,066,920 | ---- | C] () -- C:\WINDOWS\CMListControl.dll[2010-07-07 17:10:16 | 000,000,135 | ---- | C] () -- C:\WINDOWS\pfwbase.INI[2010-07-07 17:09:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PFW3.INI[2010-07-07 17:09:12 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Averasell.ini[2010-07-07 17:08:39 | 000,000,444 | ---- | C] () -- C:\WINDOWS\retailer.ini[2010-06-17 16:06:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini[2010-06-13 19:09:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll[2010-06-13 19:07:51 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini[2010-06-13 19:07:45 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini[2010-06-04 16:24:51 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll[2010-04-29 15:09:00 | 000,032,257 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_DefinePacket_NH.ini[2010-04-29 11:04:58 | 000,000,313 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_Set.ini[2009-11-24 09:54:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll[2009-10-30 04:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak[2009-10-30 04:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll[2009-10-30 04:15:54 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-10-30 02:26:42 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2009-10-30 02:24:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll[2009-04-30 23:35:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll[2009-04-10 13:19:32 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_JPN.dll[2009-04-10 13:19:26 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_CHN.dll[2009-04-10 13:19:20 | 000,103,904 | ---- | C] () -- C:\WINDOWS\System32\FU_ENG.dll[2009-04-10 13:19:14 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_KOR.dll[2009-04-06 17:16:34 | 000,596,512 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll[2008-05-26 22:23:12 | 000,011,810 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini[2008-05-26 22:23:10 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini[2008-05-26 22:23:10 | 000,011,886 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini[2008-03-20 05:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak[2008-03-20 05:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll[2008-03-13 02:19:56 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\netdrive.sys[2008-02-28 16:45:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\KvpLoginUpCom.dll[2004-06-23 12:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI[2003-08-28 15:44:28 | 000,000,211 | ---- | C] () -- C:\WINDOWS\drds.ini[2001-08-29 08:00:00 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys[2001-08-29 08:00:00 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys[2001-08-29 08:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys[2001-08-29 08:00:00 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys========== LOP Check ==========[2010-08-24 15:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\AppLauncher[2010-09-24 19:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\BitTorrent[2010-09-03 15:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\ClientKeeper[2009-10-30 13:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Clunet[2009-10-30 02:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools[2009-11-09 16:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools Lite[2009-10-30 02:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools Pro[2010-09-18 16:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GetRightToGo[2009-11-12 18:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GSplit[2010-09-18 16:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\PowerPad[2010-09-25 21:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\RayV[2010-08-20 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Wdigm[2010-08-28 18:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Desktop Search[2010-09-03 19:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Search[2009-10-30 03:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Wiz Solution[2010-09-26 18:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Clunet[2009-10-30 03:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite[2010-09-23 10:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp[2010-09-27 01:36:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2009-05-03 12:22:31 | 000,000,037 | ---- | M] () -- C:\AUTOEXEC.BAT[2009-10-30 02:08:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini[2001-08-29 08:00:00 | 000,654,336 | RHS- | M] () -- C:\bootfont.bin[2009-04-29 16:21:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS[2009-06-13 04:11:26 | 002,565,056 | ---- | M] (IObit ) -- C:\DefragSetup.exe[2007-08-07 00:35:10 | 000,005,325 | ---- | M] () -- C:\INISAFEWeb60.class[2009-04-29 16:21:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2009-04-29 16:21:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2007-08-07 00:35:10 | 000,155,776 | ---- | M] (INITECH ©) -- C:\npINISAFEWeb60.dll[2007-08-07 00:35:12 | 000,004,034 | ---- | M] () -- C:\npINISAFEWeb60.xpt[2004-08-03 09:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM[2009-05-03 02:36:06 | 000,259,776 | RHS- | M] () -- C:\ntldr[2010-09-25 21:04:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys[2009-06-10 05:44:54 | 001,079,272 | ---- | M] () -- C:\revosetup.exe[2009-06-14 05:17:15 | 000,000,017 | ---- | M] () -- C:\selog.txt[2009-06-17 03:20:20 | 000,194,896 | ---- | M] ((?)???? ???) -- C:\setup.exe[2009-06-14 05:21:13 | 000,013,042 | ---- | M] () -- C:\smartupdatelog.txt[2009-06-14 05:11:06 | 008,913,616 | ---- | M] () -- C:\tachysetup.exe[2010-09-25 19:40:40 | 000,073,254 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_25.09.2010_19.37.30_log.txt[2010-06-28 21:16:46 | 000,000,138 | ---- | M] () -- C:\TKLog.log[2009-06-13 04:49:02 | 000,261,295 | ---- | M] () -- C:\unlocker1.8.7.exe[2010-08-04 17:06:52 | 000,001,926 | ---- | M] () -- C:\u_log.log[2009-05-08 23:00:01 | 005,154,304 | ---- | M] () -- C:\WindowsDefender.msi< %systemroot%\system32\*.dll /lockedfiles >[2009-03-07 15:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll[2009-03-07 15:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll[2001-08-29 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101a.dll[2001-08-17 01:55:56 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd103.dll[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]< %systemroot%\Tasks\*.job /lockedfiles >< %systemroot%\System32\config\*.sav >[2009-10-30 11:01:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav[2009-10-30 11:01:00 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav[2009-10-30 11:01:00 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav< %systemroot%\system32\drivers\*.sys /90 >[2010-07-19 14:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys[2010-07-19 14:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys[2010-07-19 14:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys[2010-09-19 19:53:34 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2008-07-06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll========== Alternate Data Streams ==========@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp:DFC5A2B2< End of report >Hello NetizenWelcome to Malwarebytes.=====================Download OTL to your desktop.Double click on OTL to run it.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Please download Rootkit Unhooker and save it to your desktop.Double-click RKUnhookerLE.exe to run it.Click the Report tab, then click ScanCheck Drivers, Stealth Code, Files, and Code HooksUncheck the rest, then click OKWhen prompted to Select Disks for Scan, make sure C:\ is checked and click OKWait till the scanner has finished then go File > Save ReportSave the report somewhere you can find it, typically your desktop. Click CloseCopy the entire contents of the report and paste it in your next reply.Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?" Link to post Share on other sites More sharing options...
Netizen Posted September 28, 2010 Author ID:319627 Share Posted September 28, 2010 i did what you told me to do but data is enormousOTL Extras logfile created on: 2010-09-27 ?? 6:24:38 - Run 1OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator.MAIN1\My DocumentsWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000412 | Country: ???? | Language: KOR | Date Format: yyyy-MM-dd1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 149.04 Gb Total Space | 52.66 Gb Free Space | 35.33% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedDrive J: | 14.31 Gb Total Space | 13.65 Gb Free Space | 95.36% Space Free | Partition Type: FAT32Computer Name: MAIN1Current User Name: AdministratorLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htafile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [GomAudio.Add] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe /add "%1" ((?)???)Directory [GomAudio.AddCur] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe /addcur "%1" ((?)???)Directory [GomAudio.Play] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe "%1" ((?)???)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\OnDisk\OnDiskHighDown.exe" = C:\Program Files\OnDisk\OnDiskHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()"C:\Program Files\OnDisk\ExpressService.exe" = C:\Program Files\OnDisk\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\ZioFile\ZioFileHighDown.exe" = C:\Program Files\ZioFile\ZioFileHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()"C:\Program Files\ZioFile\ExpressService.exe" = C:\Program Files\ZioFile\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)"C:\Program Files\Fdisk.co.kr\Fdisk(fast)\FdiskDown.exe" = C:\Program Files\Fdisk.co.kr\Fdisk(fast)\FdiskDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()"C:\Program Files\Fdisk.co.kr\Fdisk(fast)\ExpressService.exe" = C:\Program Files\Fdisk.co.kr\Fdisk(fast)\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)"C:\Program Files\OnDisk\OnDiskHighDown.exe" = C:\Program Files\OnDisk\OnDiskHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()"C:\Program Files\OnDisk\ExpressService.exe" = C:\Program Files\OnDisk\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\ZioFile\ZioFileHighDown.exe" = C:\Program Files\ZioFile\ZioFileHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()"C:\Program Files\ZioFile\ExpressService.exe" = C:\Program Files\ZioFile\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)"C:\WINDOWS\system32\skcbgm.exe" = C:\WINDOWS\system32\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player -- (© SK Communications)"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)"C:\WINDOWS\system32\fscagent.exe" = C:\WINDOWS\system32\fscagent.exe:*:Enabled:???? ???? ?? -- (Nowcom Co., Ltd.)"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- (RayV)"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- (RayV)"C:\Program Files\OnDisk\OnDiskDown.exe" = C:\Program Files\OnDisk\OnDiskDown.exe:*:Enabled:OnDiskDown -- (?????)"C:\Program Files\QuickDownloadService\qdownservice.exe" = C:\Program Files\QuickDownloadService\qdownservice.exe:*:Enabled:QuickDownloadSvc -- (Innogrid, Inc)"C:\Program Files\Fdisk.co.kr\Fdisk(fast)\FdiskDown.exe" = C:\Program Files\Fdisk.co.kr\Fdisk(fast)\FdiskDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()"C:\Program Files\Fdisk.co.kr\Fdisk(fast)\ExpressService.exe" = C:\Program Files\Fdisk.co.kr\Fdisk(fast)\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)"C:\Program Files\NATEON\BIN\NateOnMain.exe" = C:\Program Files\NATEON\BIN\NateOnMain.exe:*:Enabled:NATE ON -- (SK Communications)"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live ??? ??"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{25203851-E8E6-497D-997A-56808936E6E5}" = Windows Live Call"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20"{2C63941E-7EBA-4024-9CEB-604ACE80E5BB}" = Windows Live ?? ???"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform"{350C97B2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile"{3E1A672F-1E3C-4BF8-91BD-78FD5478EEA5}" = Microsoft .NET Framework 1.1 ??? ?? ?"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{564D4DC8-2D0F-4F95-BB3D-8C5EA7952DD7}" = Windows Live ??"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}" = ????"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update"{90120000-0010-0412-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Korean) 12"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)"{90120000-0015-0412-0000-0000000FF1CE}" = Microsoft Office Access MUI (Korean) 2007"{90120000-0015-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0016-0412-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Korean) 2007"{90120000-0016-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0018-0412-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Korean) 2007"{90120000-0018-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0019-0412-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Korean) 2007"{90120000-0019-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001A-0412-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Korean) 2007"{90120000-001A-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001B-0412-0000-0000000FF1CE}" = Microsoft Office Word MUI (Korean) 2007"{90120000-001B-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007"{90120000-001F-0412-0000-0000000FF1CE}_PROPLUS_{B017C4D5-E774-4A94-A8E3-380489B86F47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007"{90120000-0028-0412-0000-0000000FF1CE}_PROPLUS_{15281683-B481-47B8-A981-7043F35441FF}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-002C-0412-0000-0000000FF1CE}" = Microsoft Office Proofing (Korean) 2007"{90120000-0044-0412-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Korean) 2007"{90120000-0044-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-006E-0412-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Korean) 2007"{90120000-006E-0412-0000-0000000FF1CE}_PROPLUS_{54E2904F-86F8-459E-AADA-FE0D01DDDC5E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{949102BC-7C05-4902-A4AA-A3CC01CF5163}" = Windows Live ?? ???"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro AntiVirus"{9F3F78EB-8C52-4D09-ADE2-BA82DB64D3ED}" = Windows Live ??? ???"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support"{A9EB7CB8-AF4C-4B46-9FBF-1B866C5EF517}" = SecuWidgetRs ????"{AC76BA86-7AD7-1042-7B44-A93000000001}" = Adobe Reader 9.3.3 - Korean"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver"{B7D14513-966A-4EB1-AA48-70A9E0C0E9FA}_is1" = Number Press 5.0.1"{B7F653CF-1BE5-4F40-BA4A-E3BBC6869116}" = ????2 Forever"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D5B157DC-8550-457E-8944-32E8C5693F7B}" = Windows Live Messenger"{D8ED9FC9-5E05-4BFE-8219-73070F70FDBB}" = Windows Live Sync"{E80F2EF6-1D18-4090-BBE1-C98F11E84EDE}" = Windows Live Writer"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard"{F44CB7E4-870C-4021-B1F9-0CF352200519}_is1" = QuickDownloadService"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio"11stIcon" = ?? ????, 11?? ???? ???"???? ???" = ???? ???"???? ???" = ???? ???"???? ???????" = ???? ???????"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"All ATI Software" = ATI - Software Uninstall Utility"ALToolBar_is1" = ???"ALUpdate_is1" = ??? ????"ALZip_is1" = ??"ATI Display Driver" = ATI Display Driver"Auto Mouse_is1" = Auto Mouse 1.3"Auto Styling Plugin" = Auto Styling Plugin"BitTorrent" = BitTorrent"CCleaner" = CCleaner"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3"DtsFilter" = DTS+AC3 ??"EPSON Printer and Utilities" = EPSON Printer Software"EPSON Scanner" = EPSON Scan"FormatFactory" = FormatFactory 2.50"GOM Player" = ?????"GomAudio" = ????"GomTVHelper" = ?TV ??? ??"GPKISM" = GPKISecureWeb"GSplit3Set" = GSplit 3"HanSetup" = ??? ?? ????"HP Drive Key Boot Utility" = HP Drive Key Boot Utility"ie8" = Windows Internet Explorer 8"kdefense" = K-Defense8 Control - ??? ??"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"MPEG2??(libmpeg2/mad)" = MPEG2??(libmpeg2/mad)"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"NateAddrSrch" = ??? ??? ??"npkcxp" = nProtect KeyCrypt"npnv4" = nProtect Netizen(remove only)"Ohmylove" = ????? (Remove Only)"Privacy Scanner Setup_is1" = ActiveX 1.0"PROPLUS" = Microsoft Office Professional Plus 2007"RayV" = RayV-MIM"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4"Starcraft" = Starcraft"TK_BadBall" = Game ???"TK_ClubChat" = TKGame ????"TK_ClubGostop" = Game ???"TK_ClubPoker" = TKGame ????"TK_FunMatgo" = Game ??"TK_PozzleOnline" = Game ??"TK_searcheye" = TKGame ???? ????"UnINISafeWeb6" = INISafeWeb 6.0"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"WinLiveSuite_Wave3" = Windows Live ?? ???"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"XecureCK" = ClientKeeper KeyPro with E2E for 32bit"XecureWeb Control" = XecureWeb Control"Yahoo! Companion" = ??! ??"Yahoo! Software Update" = Yahoo! Software Update========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"OnDisk" = ????"ZioFile" = ????========== Last 10 Event Log Errors ==========[ Application Events ]Error - 2010-09-19 ?? 7:52:04 | Computer Name = MAIN1 | Source = Windows Search Service | ID = 3013Description = ?? ?? ?? <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.MAIN1\MY DOCUMENTS\SYSCLEAN\TSC.PTN>?(?) ????? ? ????. ????: ?? ????, SystemIndex ???? ???: ???? ??? ??? ???? ????. (0x8007001f)Error - 2010-09-19 ?? 7:52:04 | Computer Name = MAIN1 | Source = Windows Search Service | ID = 3013Description = ?? ?? ?? <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.MAIN1\MY DOCUMENTS\SYSCLEAN\VSAPI32.DLL>?(?) ????? ? ????. ????: ?? ????, SystemIndex ???? ???: ???? ??? ??? ???? ????. (0x8007001f)Error - 2010-09-19 ?? 7:52:04 | Computer Name = MAIN1 | Source = Windows Search Service | ID = 3013Description = ?? ?? ?? <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.MAIN1\MY DOCUMENTS\SYSCLEAN\VSAPI32.DLL>?(?) ????? ? ????. ????: ?? ????, SystemIndex ???? ???: ???? ??? ??? ???? ????. (0x8007001f)Error - 2010-09-19 ?? 7:52:53 | Computer Name = MAIN1 | Source = Windows Search Service | ID = 3013Description = ?? ?? ?? <C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\?? ??\????\MCAFEE\MCAFEE ?? ????.LNK>?(?) ????? ? ????. ????: ?? ????, SystemIndex ???? ???: ???? ??? ??? ???? ????. (0x8007001f) Error - 2010-09-19 ?? 7:58:22 | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11500Description = Product: SpyHunter -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.Error - 2010-09-20 ?? 3:53:27 | Computer Name = MAIN1 | Source = Application Error | ID = 1000Description = ?? ?? ?? ???? iexplore.exe, ?? 8.0.6001.18702, ?? ?? ?? mshtml.dll, ?? 8.0.6001.18939, ?? ?? 0x00013fdf.Error - 2010-09-20 ?? 7:27:40 | Computer Name = MAIN1 | Source = Application Error | ID = 1000Description = ?? ?? ?? ???? ziofilehighdown.exe, ?? 2.0.1.19, ?? ?? ?? kernel32.dll, ?? 5.1.2600.5781, ?? ?? 0x00012afb.Error - 2010-09-24 ?? 4:40:52 | Computer Name = MAIN1 | Source = Application Error | ID = 1000Description = ?? ?? ?? ???? ziofilehighdown.exe, ?? 2.0.1.19, ?? ?? ?? kernel32.dll, ?? 5.1.2600.5781, ?? ?? 0x00012afb.Error - 2010-09-24 ?? 6:15:47 | Computer Name = MAIN1 | Source = Application Error | ID = 1000Description = ?? ?? ?? ???? ziofilehighdown.exe, ?? 2.0.1.19, ?? ?? ?? unknown, ?? 0.0.0.0, ?? ?? 0x0005014c.Error - 2010-09-26 ?? 9:24:12 | Computer Name = MAIN1 | Source = Application Error | ID = 1000Description = ?? ?? ?? ???? iexplore.exe, ?? 8.0.6001.18702, ?? ?? ?? mshtml.dll, ?? 8.0.6001.18939, ?? ?? 0x00109174.[ System Events ]Error - 2010-08-14 ?? 6:23:08 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-14 ?? 6:23:08 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-14 ?? 6:23:14 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-14 ?? 6:23:18 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-14 ?? 6:23:19 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-14 ?? 6:23:25 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-14 ?? 6:23:30 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-14 ?? 10:55:15 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-15 ?? 2:59:48 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058Error - 2010-08-15 ?? 4:49:27 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony ???? ?????: %%1058< End of report > Link to post Share on other sites More sharing options...
Netizen Posted September 28, 2010 Author ID:319645 Share Posted September 28, 2010 i did what you told me to do. but data is enormousRkU Version: 3.8.388.590, Type LE (SR2)==============================================OS Name: Windows XPVersion 5.1.2600 (Service Pack 3)Number of processors #1==============================================>Drivers==============================================0xB85C0000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 4124672 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))0xBF0CA000 C:\WINDOWS\System32\ati3duag.dll 2666496 bytes (ATI Technologies Inc. , ati3duag.dll)0x804D9000 C:\WINDOWS\system32\ntkrnlpa.exe 2068480 bytes (Microsoft Corporation, NT Kernel & System)0x804D9000 PnpManager 2068480 bytes0x804D9000 RAW 2068480 bytes0x804D9000 WMIxWDM 2068480 bytes0xBF800000 Win32k 1855488 bytes0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)0xB8C10000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1585152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)0xADDF7000 C:\WINDOWS\system32\DRIVERS\vsapint.sys 1318912 bytes (Trend Micro Inc., VsapiNT )0xBF355000 C:\WINDOWS\System32\ativvaxx.dll 1134592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)0xB8A7F000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)0xB9EB4000 PCI_PNP3966 995328 bytes0xB9EB4000 spch.sys 995328 bytes0xB9EB4000 sptd 995328 bytes0xB89CF000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 720896 bytes (Conexant Systems, Inc., HSF_CNXT driver)0xB9D2A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)0xB01B7000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)0xB8499000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)0xB02D9000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)0xAD47D000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)0xADD86000 C:\WINDOWS\system32\DRIVERS\tmxpflt.sys 299008 bytes (Trend Micro Inc., Post Filter For XP)0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)0xACE47000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 258048 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)0xB8563000 C:\WINDOWS\System32\Drivers\awkmg2wm.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)0xB8B7C000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 233472 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)0xBF094000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)0xB84F7000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)0xB9E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)0xAD5EC000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)0xB9CFD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)0xAD220000 C:\WINDOWS\system32\drivers\tmcomm.sys 184320 bytes (Trend Micro Inc., TrendMicro Common Module)0xB024F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)0xB02B1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)0xB9E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)0xB0191000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)0xAC56F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)0xB859C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))0xB8BD8000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)0xB8BB5000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)0xB028F000 C:\WINDOWS\System32\drivers\afd.sy@ 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)0x806D2000 ACPI_HAL 131840 bytes0x806D2000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)0xB9DE0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)0xB89AF000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )0xB9E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)0xB9CE3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)0xB9E00000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)0xB0179000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes0xB9E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)0xB9DB7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)0xB8538000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))0xACBAE000 C:\WINDOWS\system32\drivers\tmactmon.sys 90112 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)0xB027A000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))0xADA01000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)0xB854F000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)0xB8BFC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)0xB0332000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)0xB9DCE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)0xB9E5D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)0xB8527000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)0xBA1D8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)0xBA1F8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)0xBA138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)0xBA188000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)0xBA218000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)0xADB66000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)0xACD1F000 C:\WINDOWS\system32\drivers\tmevtmgr.sys 61440 bytes (Trend Micro Inc., TrendMicro Event Management Module)0xBA2B8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)0xBA2C8000 C:\WINDOWS\system32\DRIVERS\ousb2hub.sys 57344 bytes (OrangeWare Corporation, USB 2.0 Hub Driver)0xBA208000 C:\WINDOWS\system32\DRIVERS\redbook.sys 57344 bytes (Microsoft Corporation, Redbook Audio Filter Driver)0xB8DB3000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)0xBA238000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)0xBA198000 C:\WINDOWS\system32\DRIVERS\tmpreflt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)0xBA228000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 49152 bytes (Microsoft Corporation, i8042 Port Driver)0xB8DA3000 C:\WINDOWS\System32\Drivers\ousbehci.sys 49152 bytes (OrangeWare Corporation, USB 2.0 Enhanced Host Controller Driver)0xBA258000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)0xBA168000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)0xB8D93000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)0xBA248000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)0xBA288000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)0xBA278000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)0xBA318000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)0xAD090000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)0xBA0C8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)0xBA268000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)0xBA148000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)0xABEBC000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)0xBA178000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)0xBA400000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)0xBA380000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)0xBA468000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)0xBA4A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)0xBA4A0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)0xBA470000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)0xBA490000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)0xBA438000 C:\WINDOWS\system32\npkakl.sys 24576 bytes (INCA Internet Co.,Ltd., nProtect KeyCrypt Driver)0xBA370000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)0xBA378000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)0xBA480000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)0xBA488000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)0xBA478000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)0xBA3F8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)0xBA398000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)0xADF89000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)0xAD4E8000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)0xB9CAB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)0xADD76000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)0xB8445000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)0xBA59C000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)0xB9395000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)0xBA578000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)0xBA5A0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)0xBA54C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)0xBA5F8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)0xBA612000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes0xBA5F6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)0xBA5FA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)0xBA5CA000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)0xBA5FC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)0xBA5E0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)0xBA5E6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)0xBA671000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)0xBA73A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)0xBA7AD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)0xBA6BC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)0x899961F8 unknown_irp_handler 3592 bytes0x8908C1F8 unknown_irp_handler 3592 bytes0x890151F8 unknown_irp_handler 3592 bytes0x899E01F8 unknown_irp_handler 3592 bytes0x899981F8 unknown_irp_handler 3592 bytes0x8979E1F8 unknown_irp_handler 3592 bytes0x8981B1F8 unknown_irp_handler 3592 bytes0x890E31F8 unknown_irp_handler 3592 bytes0x896BB440 unknown_irp_handler 3008 bytes0x897E9500 unknown_irp_handler 2816 bytes0x89007500 unknown_irp_handler 2816 bytes Link to post Share on other sites More sharing options...
Netizen Posted September 28, 2010 Author ID:319666 Share Posted September 28, 2010 i did what you told me to do. but data is enormous==============================================>Stealth==============================================WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]==============================================>Files==============================================!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Office\OIS12.pip!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\OIS\Toolbars.dat!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Cookies\administrator@blue.crossmedia.co[5].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Cookies\administrator@nate[6].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Cookies\administrator@tiara.daum[6].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Cookies\administrator@www.daum[6].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11F002FE-CA97-11DF-8699-0013D30D777A}.dat!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A6800B5E-CA96-11DF-8699-0013D30D777A}.dat!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D382D062-CA6B-11DF-8699-0013D30D777A}.dat::$DATA!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\OIS\OIScatalog.cag!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12831370120141454[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12832416150806336[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12839292350275598[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12840770690355169[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\1284619596_351[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\1285306137_974[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12855600940182816[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12855655130434366[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12855740970096643[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\2010092749481_2010092820651[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\2010092750911_2010092820121[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\31299299685761072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\400034(0)-550240_35677[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\blank[2].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\bs_hd_20100331[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\btn_paging3_next2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\btn_v03[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\bt_arrow_v03[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\bt_sendcheck[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\CKJeans7_100910_240x240_nate[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\coca_auth[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\cogle[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\CommonNameUI[5].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\CommonTextGNB[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\Common[3].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\Common[4].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\contentScroller[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\crossdomain[2].xml!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\dmimg_w1_bt2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\dmimg_w1_bt3[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\dmimg_w1_i01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\empty[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\expand_nor[1]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\favicon[2].ico!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\fileAttach[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\fix_ad_right[2].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\help_box[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\hmEXAPI[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\h_ajax[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\h_event[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_cmtsum2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_minus[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_plus_01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_up[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_v05[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\img_dot02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\Index[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\i_ebts[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\jigu[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\l1_ationnet_com[3].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\List[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\loading_12[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\login[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\MailCompose[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\main_swf_20100125[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nak21_1_100924144249[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nanaichi_1_100907172900[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nano26634266317789072[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nano30756551545329072[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nano30756569306479072[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nano30756589122964072[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\news_v20090930[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\num_v02[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\OhKf-Kzx0bw[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\pinkbanana_1_100618183650[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\post_20100804v1[2].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\RecentCookie[6].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\smartak[1].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\updown[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\vico_plus[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\12837520090498819[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1284456828_998[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\12845279600648736[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285293277_178[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285578981_908[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285598396_749[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285628739_984[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285630810_753[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285631433_688[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285632809_236[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\2010092366041_2010092485791[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\20100926_1285497350_43064800_1[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\201009280015[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\31303401261851072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\31439103.2[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\8687(9)[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\bar_icon[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\bd_superex_280x150_11_2[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\bt_arrow_a01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\bt_function[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\cocodemiel_1_100915105828[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\CommonNameUI[2].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\CommonTextGNB[3].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\Common[2].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\Common[3].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\composeUI[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\daumeditor_hanmail.esc[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\daum_1_100701154920[2].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\daum_1_100730173902[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ddress_1_100913161933[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\display_dcm[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\dmimg_v3_ico2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\editor.esc[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\editor[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\embed[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\farucam_1_100913090901[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\favicon[3].ico!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\garma_1_100910145809[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\gerio_1_100827154406.23.01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\hanmailNew[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ib0610_1_100914122146[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_beple[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_bl01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_font_arrow[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_le01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_twitter[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ic_newletter[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\i_arrow03[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\i_readcaution[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\mcList[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\missjini_1_100906142610[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\nano30224995164511655[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\news_data_v20090930[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ogage_1_100927101853[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\OpenSearch[1].xml!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\PaperCatePlus[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\paper[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\retrievePersonAlert_forNate[1].asp!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\secure_common[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\sency_1_100908124854[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\set_ico_realtime_pop[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\set_title_svc5[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\style1_1_100914143038[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\stylegood_1_100830230101[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\styleonme_1_100924165344[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\tabswelcome[1]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\tlswns562_1_100927130259[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\vintagebrothers_1_100914123259[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ws2_room20_1_100907095910[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\zinif_1_100903125535[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\100928_091528659[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\1284952279_018[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\12853174910300467[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\12855655330566428[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\1285570966_445[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\12855722010672657[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\1285631047_071[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\2010092750911_2010092716551[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\2010092802010431742002[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\30157643507265655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\31303330634096072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\aden08_1_100924165541[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ade_imp[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\AdRectangleBanner[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\adSpace[3].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\adSpace[4].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ad_process[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bagazimuri_1_100917141233[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bg_layer_logout[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\btn_icon[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\btn_paging3_last2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bt_close[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bt_mail[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bt_period06_off[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bt_period07_on[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ch_view[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\close_nor[2]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\connect[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\cyLogout[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\daum_1_100903114215[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\djsdjs_1_100916133642[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\dmimg_w1_bar2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\dmimg_w1_bt5.[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\dmimg_w1_ch1[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\drag_bg_mid[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\endudqq1_1_100920160018[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\hanmail[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\help_16[1]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\help_arrow_t[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\help_line[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ico_connecting[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ico_down[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ico_help_a01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ico_vs01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ioh0423[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\i_next[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\jsonStock[1].aspx!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\l1_ationnet_com[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\layer01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\list[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\List[2].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\minidaum2008[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\multiview[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\nano31377097320259072[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\nano31377957837024072[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\news@dual_enter_left_x22[1].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\news_data_v20090930[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\prototype[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\raa[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\rakun_1_100831151642[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\RealClickCPC[10].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\RecentCookie[6].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\searchWeatherInfo[2].xml!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\search_input_n[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\search_script_top_ci_100720[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\securelogin_nate[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\sonatural_1_100927104102[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\spe_roadview_v02[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\tx_btn[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\usedhunter_1_100916160311[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\userJS[1].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ViewAD[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\wysiwyg_html[1].html!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\zinif_1_100909111052[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1264627875133_1[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285375604_542[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\12855436670177538[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285547182_652[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285571173_190[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285574928_249[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285630426_821[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285630712_042[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285631400_603[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\2010092745791_2010092716361[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\201009280444276486_b[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\30230082933164655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\31291488724194072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\activeXman2010[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\a_next[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bak_logo[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bar_mid[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\btn_refesh[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_login_s[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_mailsave[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_period03_off[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_regi_s[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_udel[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bul_arrowdown02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\b_mypeople[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\chocomom_1_100927185238[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\common[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\CyLogoutMsg[1].aspx!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\cyQuick[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\daum_1_100730173845[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\daum_1_100903111710[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\dee_220x170_v01_line[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\diet26_1_100805103751[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\dmimg_v3_ico1[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\dmimg_w1_ch[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\dnshop_1_100927170355[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\fashionplus_1_100927151135[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\gseshop_1_100927151306[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\h_util[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ico_star_a001[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ic_menu003[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ic_plus[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ikai_1_100920131843[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\jsonBgmList_v20091125[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\loading_17[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\login_ifrm_level[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\menuManager[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\minidaum_v01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\nano30230263086378655[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\onestyle_1_100901102022[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\reple_v201009[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\reply[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\rs_swf_20100125[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\searchWeatherInfo[1].xml!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\searchWeatherInfo[2].xml!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\shinhan_top_430x105_0916_1[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ssamppongbros_1_100917223659[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\SSI_20100928005012_V[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\sugg[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\takugong_1_100924135234[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\theaction_1_100830155727[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\top[1]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\tx_icon_img[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\tx_icon_img_disable[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\updown[6].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\userJS[1].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\userJS[2].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\vbt_save[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\websvc[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\{img_src}[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\12831360520536778[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285565021_876[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\128557722473_1[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285581082458_1[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285629444_781[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285630259_175[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285632137_027[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285632851_075[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\30195917940454655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\31341570349459072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\andstyle_1_100924135206[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\artcVod[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bg_box_v04[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bg_top_v01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\blank[2].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\btn_confirm02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\btn_c_spread[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\btn_paging3_first2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_close_n[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_none[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_period02_off[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_release[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_search04[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_sendcancel[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CommonNameUI[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CommonTab[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CommonTextGNB[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CY120323_10[1].eot!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CY123323_10[1].eot!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CY126387_10[1].eot!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\cyWebFont[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\dmimg_v_bt4_n[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\dmimg_v_ico4[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\fix_ad_center[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\fix_ad_right_side[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\hanmailNew[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\hanmail[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\helloyunsu_1_100927121021[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\httpRequester[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\ico_arrow03[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\ico_dotline01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\img_color_n[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\list[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\loading2[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\MailCompose[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\MailLeft[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\mbox[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\nano30694254799670072[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\nano31051062991339072[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\news@dual_enter_right_x22[1].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\njoyny_1_100927165009[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\oneShot[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\rank[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\sendPost[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\set_ico_realtime_arrow[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\set_tit_connect4[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\shesnara_1_100913162223[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\Skin_bs_HD_255170_100331[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\Skin_top_general_430105_100118[2].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\tootoomall_1_100924181734[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\top_20100824v1[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\tx_icon_img_hovered[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\tx_icon_img_pushed[2].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\ui_common[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\uploader[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\userJS[1].txt!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\view[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\wotonet[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\xSelect[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\100914_title_newletter[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1284534904_557[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1284952149_347[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\12853134830242505[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285574934_308[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285622193447_1[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285628681_407[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285628706_829[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285631227_674[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285631307_987[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285633247_044[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\20100901_seoul_430x105_b[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\30151666111947655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\30166856421005655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\30232343318198655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\38843[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\46241[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\blank[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\boriboris_1_100927105548[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\btn_arrow_up[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\btn_login_v2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\btn_report3[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\bt_period04_off[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\bt_period05_off[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\cal_num01_m[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\coca_conf[1].xml!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\collapse_nor[2]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\CommonNameUI_kr[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\Common[2].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\danilove_1_100907142459[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\daumtrans[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dmimg_v3_ico1[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dmimg_w1_bt1[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dmimg_w1_bt6[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dmimg_w1_i06[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dnshop_1_100927135337[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\DraftSave[1].daum!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\ico_help_a02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\ico_new[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\ico_persnal[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\i_auto[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\i_calendar[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\i_plus[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\jsonEmpasRealKeyword[1].aspx!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\jsonPopApps_v20100630[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\kookja_1_100927163645[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\leftmenu_on_b_n2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\livechat1[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\lotteimall_1_100927155620[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\luvme_1_100927101446[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\MailComposeFrame[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\mnu_v25[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\N2010092809114625301[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\nano30177982517913655[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\nano30231939449168655[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\nh_56x112_0813qt[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\prototype[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\raa[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\recent[1]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\search[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\SecuWidgetRs[1].ver!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\SecuWidgetRs[2].ver!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\shespop_1_100909205231[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\sms[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\StarMarker[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\unset_cookie[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\vmUB-QeuyRoJ[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\xhrAES[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\yourfesta_1_100902175128[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\zJ07TEA-NLc[4].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1284619588_256[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285306131_721[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\12855623710162384[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\12855663460637263[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285580452_726[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285630654_126[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285632263_473[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285632679_329[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\2010092702010431742001[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\30145838707313655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\30153959817487655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\46241[2].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\4ezzi_1_100831163130[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ActiveX[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\aorine1_1_100910163042[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bg_replay_tab[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bi_v4[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_add02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_addre_spr02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_delivery_a01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_del_a01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_icon[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_search02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_spam[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\close2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\coca[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\CommonNameUI[2].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\CommonTextGNB[3].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\CommonTextGNB[4].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\daum_1_100903113847[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\dong_woori_0924_595x100[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\fashionplus_1_100927161717[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\favicon[1].ico!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\folderManage[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\gseshop_1_100908095705[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\iamyurii_1_100830140919[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ico_goodreply[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ic_menu001[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ic_new2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\im_wtool_02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\istyle24_1_100927135913[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\i_next_dim[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\i_prev_dim[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\jsonGiftStore_v20090930[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ldh1061_1_100916235908[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\loginoutClick[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\logo2010[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\lotte_1_100927164019[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\mailLeft[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\minidaum2008[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\nano30229621658295655[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\news@text_bottom2[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\news_v20090930[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\progress_01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\queenslook_1_100920091743[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\recent[1]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\reg2[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\SameName_h_suggest[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\samsungmall_1_100924155342[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\search[4].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\section_common[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\set_ip[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\set_nate[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\shopping_data[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\superstari_1_100924135407[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\t2r_1_100917110547[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\tiara[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\xecure_blank[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\Y1WKVJN2mjvXHNvXsiyl[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\100913_letter_new[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1283245263063491[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1284534990_021[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285571095_971[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285629599_255[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285631984_945[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285632789_076[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285633126_232[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\20100927n23626[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\30145335882079655[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31290548370763072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31299621102471072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31341511177142072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31341525791742072[1].png!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31439103.2[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\AC_RunActiveContent[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\adBOX[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\a_next02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\a_pre02[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bgSearch_n[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bg[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bg_login2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bg_login_tab2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bl_bar[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bl_vline[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bl_vline[2].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\btn_l_input[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\btn_paging3_prev2[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\btn_user_find[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_all_a01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_arrow_01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_delbla[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_more_n[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_search_n[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\cjmall_1_100927104230[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\CommonNameUI[2].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\CommonNameUI[3].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\CommonTextGNB[3].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\common[3].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\Common[4].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\Common_kr[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\gmarket_1_100927163636[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\ico_am03_n[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\ico_star_a004[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\iehouse_1_100923230207[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\img_colorbar_n[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\img_div_01[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\img_dot03[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\img_music[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\i_pre[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\l1_ationnet_com[2].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\login_20100817v1[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\minime_view[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\multiview[1].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\nano29568279477851655[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\nate_logout_v20091201[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\NewTabPageScripts[1]!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\pinkyfun_1_100927165434[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\rolling[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\search_txt[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\section_enter[1].css!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\Skin_top_blank_general_56112_100126[1].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\SSI_20100928084752_V[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\styleking7_1_100915150711[1].jpg!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\tiara[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\ticker[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\websvc[2].htm!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\xecure_nate[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\xecure_nate[2].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\xhrAES[1].js!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\zinif_1_100903130214[1].gif!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\zJ07TEA-NLc[3].swf!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\OIS\cacheFiles\bankinf_0.JPG!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF26FB.tmp!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DFC377.tmp!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\MSS0060E.log!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.ci!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.dir!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid!-->[Hidden] C:\Downloads\2010???????????????100922\Thumbs.db!-->[Hidden] C:\System Volume Information\_restore{80C5C6EA-B565-4F44-A018-8DB1B873AFA8}\RP21\A0007671.lnk!-->[Hidden] C:\System Volume Information\_restore{80C5C6EA-B565-4F44-A018-8DB1B873AFA8}\RP21\A0007672.lnk!-->[Hidden] C:\System Volume Information\_restore{80C5C6EA-B565-4F44-A018-8DB1B873AFA8}\RP21\A0007673.lnk==============================================>Hooks==============================================ntkrnlpa.exe+0x0006AA9A, Type: Inline - RelativeJump 0x80543A9A-->80543AA1 [ntkrnlpa.exe][1664]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F51218-->00000000 [shimeng.dll][1664]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77E210B4-->00000000 [shimeng.dll][1664]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll][1664]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7D5A15A4-->00000000 [shimeng.dll][1664]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77CF133C-->00000000 [shimeng.dll][1664]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3F2314B0-->00000000 [shimeng.dll][1664]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719E109C-->00000000 [shimeng.dll][176]EXCEL.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C81495D-->00000000 [MSO.DLL][6100]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F51218-->00000000 [shimeng.dll][6100]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F51214-->00000000 [aclayers.dll][6100]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F5105C-->00000000 [aclayers.dll][6100]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F511E0-->00000000 [aclayers.dll][6100]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77E210B4-->00000000 [shimeng.dll][6100]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77E21084-->00000000 [aclayers.dll][6100]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77E21078-->00000000 [aclayers.dll][6100]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77E210B8-->00000000 [aclayers.dll][6100]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll][6100]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll][6100]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll][6100]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll][6100]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71981178-->00000000 [shimeng.dll][6100]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71981184-->00000000 [aclayers.dll][6100]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719811A0-->00000000 [aclayers.dll][6100]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7D5A15A4-->00000000 [shimeng.dll][6100]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7D5A13E8-->00000000 [aclayers.dll][6100]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7D5A163C-->00000000 [aclayers.dll][6100]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7D5A161C-->00000000 [aclayers.dll][6100]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7D5A15A0-->00000000 [aclayers.dll][6100]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77D0D0A3-->00000000 [ieframe.dll][6100]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x77D36D7D-->00000000 [ieframe.dll][6100]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77D12072-->00000000 [ieframe.dll][6100]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x77D1B144-->00000000 [ieframe.dll][6100]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x77D047AB-->00000000 [ieframe.dll][6100]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77CF133C-->00000000 [shimeng.dll][6100]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77CF12F4-->00000000 [aclayers.dll][6100]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77CF1208-->00000000 [aclayers.dll][6100]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77CF1340-->00000000 [aclayers.dll][6100]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x77D3085C-->00000000 [ieframe.dll][6100]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x77D30838-->00000000 [ieframe.dll][6100]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x77D1A082-->00000000 [ieframe.dll][6100]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x77D464D5-->00000000 [ieframe.dll][6100]iexplore.exe-->wininet.dll-->HttpOpenRequestA, Type: Inline - RelativeJump 0x3F24D508-->00000000 [McIEPlg.dll][6100]iexplore.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3F249088-->00000000 [McIEPlg.dll][6100]iexplore.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3F24DEAE-->00000000 [McIEPlg.dll][6100]iexplore.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3F24654B-->00000000 [McIEPlg.dll][6100]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3F2314B0-->00000000 [shimeng.dll][6100]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3F2314B4-->00000000 [aclayers.dll][6100]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3F231450-->00000000 [aclayers.dll][6100]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3F231350-->00000000 [aclayers.dll][6100]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719E109C-->00000000 [shimeng.dll][6100]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719E10A8-->00000000 [aclayers.dll][896]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C7E0E27-->00000000 [mssrch.dll][896]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C7E0E2C [unknown_code_page][896]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C7E0E2D [unknown_code_page] Link to post Share on other sites More sharing options...
kahdah Posted September 28, 2010 ID:319824 Share Posted September 28, 2010 HiJack This! Forum PolicyWe will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.For you this means Windows-XP-WGA-Activation-Crack-reg-file and any torrent program needs to be deleted and or uninstalled.Please do this before proceeding.===================================Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following:OTLSRV - (EE1FB72E) -- C:\WINDOWS\system32\EE1FB72E.exe ()DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\45.tmp File not found:Commands[emptytemp]Then click the Run Fix button at the topLet the program run unhindered, reboot when it is doneIt will produce a log for you on reboot, please post that log in your next reply.==========Download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
Netizen Posted September 29, 2010 Author ID:320169 Share Posted September 29, 2010 Here is Combofix reportComboFix 10-09-27.05 - Administrator 2010-09-28 20:08:10.1.1 - x86Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.1406.896 [GMT -4:00]Running from: c:\documents and settings\Administrator.MAIN1\?? ??\ComboFix.exeAV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Administrator.MAIN1\?? ??\?? ????, 11??.urlc:\documents and settings\Administrator.MAIN1\Favorites\?? ????, 11??.urlc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin\auto_user.inic:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWebc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_cafename.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_img@sub1.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_map.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_allblog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_cwlink.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_digg.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_flickr.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_metoday.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_mixsh.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_myspace.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_spon20.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_spon20b.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_twitter.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_yahoonews.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_youtube.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_allweb.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_bestweb.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_hotopic.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_qna.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_loc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_newsrank.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_qna.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_sementic.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_shopping.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_sranking.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_cafename.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_img@sub1.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_map.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_allblog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_cwlink.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_digg.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_flickr.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_metoday.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_mixsh.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_myspace.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_spon20.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_spon20b.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_twitter.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_yahoonews.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_youtube.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_font_home.cstc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_allweb.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_bestweb.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_hotopic.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_qna.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_loc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_newsrank.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_qna.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_sementic.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_shopping.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_sranking.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\define.datc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\form_cst.templatec:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\form_data.formc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_cafename.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_img@sub1.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_cafename.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_img@sub1.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_shopphow.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_allblog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_cwlink.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_digg.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_flickr.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_metoday.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_mixsh.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_myspace.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_spon20.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_spon20b.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_twitter.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_yahoonews.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_youtube.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_font_home.cstc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_newsrank.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_qna.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_sementic.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_shopping.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_rsword.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_shoppinglist.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_sranking.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_cafename.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_img@sub1.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_map.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_allblog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_cwlink.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_digg.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_flickr.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_metoday.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_mixsh.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_myspace.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_spon20.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_spon20b.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_twitter.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_yahoonews.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_youtube.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_font_home.cstc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_allweb.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_bestweb.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_hotopic.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_qna.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_sranking.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_cafename.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_img@sub1.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_map.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_allblog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_cwlink.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_digg.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_flickr.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_metoday.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_mixsh.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_myspace.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_spon20.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_spon20b.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_tistory.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_twitter.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_yahoonews.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_youtube.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_font_home.cstc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_allweb.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_bestweb.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_hotopic.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_qna.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_book.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_loc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_newsrank.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_qna.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_sementic.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_seq.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_shopping.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_blog.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_cafe.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_img.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_kin.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_news.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_person.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_person2.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_related.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_site.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_sranking.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_video.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_webdoc.frmc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\site.datc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\status.datc:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\user.inic:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\version.datc:\documents and settings\Administrator.MAIN1\My Documents\cc_20100830_205544.regc:\documents and settings\Administrator.MAIN1\My Documents\cidaemon.exec:\documents and settings\Administrator\Application Data\hdnpatch.exec:\documents and settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\AutoStylingPlugin\auto_user.inic:\documents and settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\CloudWebc:\program files\AskSearch\bin\DefaultSearch.dllc:\program files\Auto Styling Plugin\auto_plugin.dllc:\program files\Auto Styling Plugin\info.urlc:\program files\Auto Styling Plugin\uninst.exec:\program files\Cloud-Webc:\program files\Cloud-Web\cloud_uins.datc:\program files\Cloud-Web\homepage.urlc:\program files\Cloud-Web\intro.urlc:\program files\Cloud-Web\uninst.exec:\program files\Natec:\program files\Nate\AddressSearch\instcpl.icoc:\program files\Nate\AddressSearch\intro.icoc:\program files\Nate\AddressSearch\kl.datc:\program files\Nate\AddressSearch\uninstall.exeC:\setup.exec:\windows\dhcpc:\windows\system32\d3d10core.dllc:\windows\system32\kernel32new.dllc:\windows\system32\msvcrtnew.dllc:\windows\system32\npkpdb.dllc:\windows\system32\npz.ocx.((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 ))))))))))))))))))))))))))))))).2010-09-28 23:41 . 2010-09-28 23:41 -------- d-----w- C:\_OTL2010-09-28 20:24 . 2010-09-28 20:24 -------- d-----w- c:\program files\Recuva2010-09-25 23:52 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe2010-09-25 23:40 . 2010-09-25 23:40 -------- d-----w- C:\TDSSKiller_Quarantine2010-09-25 23:01 . 2010-09-25 23:01 388096 ----a-r- c:\documents and settings\Administrator.MAIN1\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2010-09-24 23:00 . 2010-09-24 23:00 -------- d-----w- c:\program files\Number Press2010-09-20 21:46 . 2010-09-20 21:46 8675536 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip812.exe2010-09-20 19:52 . 1999-01-20 09:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL2010-09-20 19:52 . 2010-09-20 19:52 -------- d-----w- c:\program files\Common Files\Borland Shared2010-09-20 19:51 . 2010-09-20 19:51 -------- d-----w- c:\program files\PowerPC2010-09-20 00:32 . 2010-07-19 18:03 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys2010-09-20 00:32 . 2010-07-19 18:03 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys2010-09-20 00:18 . 2010-09-20 00:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Trend Micro2010-09-20 00:17 . 2010-09-25 23:01 -------- d-----w- c:\program files\Trend Micro2010-09-19 23:58 . 2010-09-19 23:58 -------- d-----w- c:\program files\Enigma Software Group2010-09-19 23:53 . 2010-09-19 23:53 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys2010-09-19 23:53 . 2010-07-30 17:29 249424 ----a-w- c:\windows\system32\drivers\tmxpflt.sys2010-09-19 23:53 . 2010-07-30 17:29 36432 ----a-w- c:\windows\system32\drivers\tmpreflt.sys2010-09-19 23:53 . 2010-07-30 17:06 1331512 ----a-w- c:\windows\system32\drivers\vsapint.sys2010-09-19 22:01 . 2010-09-19 22:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard2010-09-19 20:36 . 2010-07-19 18:02 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys2010-09-19 19:59 . 2010-09-25 23:27 -------- d-----w- c:\program files\Desktop Hijack Fix2010-09-19 19:59 . 2010-09-25 22:59 249856 ------w- c:\windows\Setup1.exe2010-09-19 19:59 . 2010-09-25 22:59 73216 ----a-w- c:\windows\ST6UNST.EXE2010-09-19 19:45 . 2010-09-18 20:25 1085208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.exe2010-09-19 19:45 . 2010-09-18 20:25 587032 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgiproxy.exe2010-09-19 19:45 . 2010-09-18 20:25 1437464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll2010-09-19 19:45 . 2010-09-18 20:25 755992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avginet.dll2010-09-19 06:16 . 2010-09-19 22:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat2010-09-19 02:15 . 2010-09-19 02:15 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.005\?? ??2010-09-18 20:55 . 2010-09-19 21:31 -------- d-----w- c:\program files\Spyware Doctor2010-09-18 20:55 . 2010-09-19 21:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools2010-09-18 20:52 . 2010-09-18 20:54 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\GetRightToGo2010-09-18 20:25 . 2010-09-19 20:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg82010-09-18 20:22 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-09-18 20:22 . 2010-09-18 21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-09-18 20:22 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-09-18 20:02 . 2010-09-18 20:02 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\PowerPad2010-09-18 20:02 . 2010-09-18 20:03 -------- d-----w- c:\program files\PowerPad2010-09-18 19:53 . 2010-09-20 19:47 -------- d-----w- c:\program files\PrintMergeNum2010-09-18 19:48 . 2010-09-20 01:17 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\Deployment2010-09-15 01:14 . 2010-09-08 11:18 21884 ----a-w- c:\windows\system32\teexcept.dat2010-09-15 01:14 . 2010-06-16 15:47 242360 ----a-w- c:\windows\system32\TeCtrl.dll2010-09-15 01:02 . 2010-09-15 01:14 -------- d-----w- c:\program files\Common Files\INCA Shared2010-09-13 20:38 . 2010-09-13 20:38 -------- d--h--w- c:\program files\Banktown2010-09-12 21:13 . 2010-09-12 21:13 -------- d-----w- c:\program files\GPKISecureWeb2010-09-10 21:20 . 2010-09-10 21:20 -------- d-----w- c:\program files\Sophos2010-09-07 00:04 . 2010-09-07 00:04 207456 ----a-w- c:\windows\system32\npkcmsvc.exe2010-09-05 23:01 . 2010-09-05 23:01 179080 ----a-w- c:\windows\system32\uninst_everyclean.exe2010-09-05 23:01 . 2010-09-29 00:12 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\AutoStylingPlugin2010-09-05 23:00 . 2010-09-18 19:28 28 ----a-w- c:\windows\system32\asentence.dat2010-09-05 22:59 . 2010-09-29 00:12 -------- d-----w- c:\program files\Auto Styling Plugin2010-09-05 22:59 . 2010-09-29 00:11 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin2010-09-04 21:58 . 2010-08-12 19:26 1443224 ----a-w- c:\windows\system32\HanWebMsg1061.dll2010-09-03 23:52 . 2010-09-03 23:52 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Windows Search2010-09-03 21:20 . 2010-09-03 21:22 -------- d-----w- c:\program files\NATEON2010-09-03 19:10 . 2010-09-03 19:10 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\ClientKeeper2010-09-03 19:10 . 2010-09-04 19:52 39944 ----a-w- c:\windows\system32\JRSKD24.SYS2010-09-03 19:10 . 2010-09-03 19:10 124424 ----a-r- c:\windows\system32\CKAgent.exe2010-09-03 19:10 . 2009-10-15 23:54 107832 ----a-w- c:\windows\system32\CKComObj.dll2010-09-03 19:10 . 2009-10-15 23:54 390456 ----a-w- c:\windows\system32\XecureCK.dll2010-09-03 19:10 . 2009-10-15 23:54 177464 ----a-w- c:\windows\system32\CKApp.dll2010-09-03 19:10 . 2009-10-15 23:54 156984 ----a-w- c:\windows\system32\Jrsoftcp.dll2010-09-03 19:10 . 2009-10-15 23:54 316728 ----a-w- c:\windows\system32\CKCrypto.dll2010-08-31 21:25 . 2003-06-23 15:44 1415680 ----a-w- c:\windows\system32\wmv9vcm.dll2010-08-31 21:20 . 2010-09-05 20:35 -------- d-----w- c:\program files\Ohmylove2010-08-31 20:49 . 2010-08-31 20:49 147456 ----a-w- c:\windows\system32\kcp_ansimclick.dll.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-09-29 00:13 . 2009-06-09 09:53 -------- d-----w- c:\program files\QuickDownloadService2010-09-28 22:18 . 2010-06-04 19:48 -------- d-----w- c:\program files\muhanfile2010-09-28 19:03 . 2009-05-29 18:30 -------- d-----w- c:\program files\Windows Live2010-09-28 00:18 . 2009-10-30 17:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Clunet2010-09-26 01:42 . 2009-05-29 18:31 -------- d-----w- c:\program files\Microsoft2010-09-26 01:04 . 2010-06-15 04:09 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\RayV2010-09-25 22:09 . 2009-05-03 10:20 -------- d-----w- c:\program files\Spybot - Search & Destroy2010-09-25 22:01 . 2009-10-30 06:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help2010-09-25 19:36 . 2010-09-25 19:36 3016 ----a-w- c:\windows\system32\unins000.dat2010-09-25 19:36 . 2010-09-25 19:36 716153 ----a-w- c:\windows\system32\unins000.exe2010-09-24 23:18 . 2010-06-13 23:04 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\BitTorrent2010-09-24 20:41 . 2010-06-04 19:58 -------- d-----w- c:\program files\ZioFile2010-09-23 14:32 . 2009-10-30 17:40 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Temp2010-09-20 01:01 . 2009-10-30 07:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy2010-09-20 00:18 . 2009-10-30 06:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee2010-09-20 00:17 . 2009-05-01 12:21 -------- d-----w- c:\program files\McAfee2010-09-20 00:17 . 2009-05-01 12:21 -------- d-----w- c:\program files\Common Files\McAfee2010-09-15 00:44 . 2009-11-09 21:57 -------- d-----w- c:\program files\NCLoader2010-09-11 01:52 . 2010-06-05 23:08 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Malwarebytes2010-09-11 01:52 . 2010-06-05 23:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes2010-09-10 23:38 . 2010-08-31 21:56 30 ----a-w- c:\program files\NOT2010-09-10 20:52 . 2009-04-29 20:48 -------- d-----w- c:\program files\CCleaner2010-09-04 22:57 . 2010-07-16 23:59 -------- d-----w- c:\program files\iplus2010-09-04 19:52 . 2010-07-20 00:39 17160 ----a-w- c:\windows\system32\JRSUKD25.SYS2010-09-04 19:52 . 2010-07-20 00:39 126048 ----a-w- c:\windows\system32\kcrtx86.sys2010-09-04 07:52 . 2009-06-30 18:05 -------- d-----w- c:\program files\OnDisk2010-09-03 21:20 . 2009-04-29 20:30 -------- d--h--w- c:\program files\InstallShield Installation Information2010-08-29 22:20 . 2010-06-13 23:04 -------- d-----w- c:\program files\BitTorrent2010-08-29 22:05 . 2010-08-29 22:04 -------- d-----w- c:\program files\ASITE2010-08-29 21:12 . 2001-08-29 12:00 86234 ----a-w- c:\windows\system32\perfc012.dat2010-08-29 21:12 . 2001-08-29 12:00 279968 ----a-w- c:\windows\system32\perfh012.dat2010-08-29 00:13 . 2010-08-28 22:29 -------- d-----w- c:\program files\Windows Desktop Search2010-08-28 23:42 . 2010-08-28 23:42 142 ----a-w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\fusioncache.dat2010-08-28 23:39 . 2010-08-28 23:39 -------- d-----w- c:\program files\beefile.com2010-08-28 23:04 . 2009-05-01 10:47 -------- d-----w- c:\program files\Microsoft.NET2010-08-28 22:58 . 2010-08-28 22:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition2010-08-28 22:49 . 2010-06-20 04:33 83992 ----a-w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2010-08-28 22:30 . 2010-08-28 22:30 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Windows Desktop Search2010-08-28 22:27 . 2010-08-28 22:27 -------- d-----w- c:\program files\Windows Media Connect 22010-08-25 00:50 . 2010-08-25 00:50 -------- d-----w- c:\program files\FreeTime2010-08-24 23:41 . 2010-08-24 23:33 -------- d-----w- c:\program files\QuickTime2010-08-24 23:39 . 2010-08-24 23:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer2010-08-24 23:37 . 2010-08-24 23:37 -------- d-----w- c:\program files\Common Files\Apple2010-08-24 23:37 . 2010-08-24 23:37 -------- d-----w- c:\program files\Apple Software Update2010-08-24 23:37 . 2010-08-24 23:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple2010-08-24 19:52 . 2010-08-24 19:52 -------- d-----w- c:\program files\DataDoctorRecovery2010-08-24 19:21 . 2010-08-23 19:50 770048 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\MakeBootable.exe2010-08-24 19:21 . 2010-08-23 19:50 667648 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\Data Recovery.exe2010-08-24 19:21 . 2010-08-23 19:50 561152 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\PCLock.exe2010-08-24 19:21 . 2010-08-23 19:50 53248 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\WinLockDLL.dll2010-08-24 19:21 . 2010-08-23 19:50 462848 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\SecretZip.exe2010-08-24 19:21 . 2010-08-23 19:50 2695168 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\DataSync.exe2010-08-24 19:21 . 2010-08-23 19:50 208896 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\Reset.exe2010-08-24 19:21 . 2010-08-23 19:50 1294336 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\LOCK.exe2010-08-24 19:21 . 2010-08-23 19:50 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher2010-08-23 20:00 . 2010-08-23 20:00 -------- d-----w- c:\program files\Compaq2010-08-20 20:17 . 2010-07-20 00:04 73728 ----a-w- c:\windows\system32\kdfapi.dll2010-08-20 20:17 . 2010-07-20 00:04 47104 ----a-w- c:\windows\system32\Kdfhok.dll2010-08-20 20:17 . 2010-07-20 00:04 159744 ----a-w- c:\windows\system32\kdfmgr.exe2010-08-20 19:48 . 2010-08-20 19:47 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Wdigm2010-08-20 19:48 . 2010-08-20 19:47 707354 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Wdigm\unins000.exe2010-08-17 20:10 . 2010-08-17 20:10 -------- d-----w- c:\program files\CREFREE2010-08-17 13:17 . 2004-08-03 15:53 58880 ----a-w- c:\windows\system32\spoolsv.exe2010-08-17 00:16 . 2010-08-17 00:16 -------- d-----w- c:\program files\Microsoft Silverlight2010-08-05 20:14 . 2010-08-05 20:14 503808 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7100f383-n\msvcp71.dll2010-08-05 20:14 . 2010-08-05 20:14 61440 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39dea26a-n\decora-sse.dll2010-08-05 20:14 . 2010-08-05 20:14 499712 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7100f383-n\jmc.dll2010-08-05 20:14 . 2010-08-05 20:14 348160 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7100f383-n\msvcr71.dll2010-08-05 20:14 . 2010-08-05 20:14 12800 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39dea26a-n\decora-d3d.dll2010-07-30 21:16 . 2010-07-30 21:18 485320 ----a-w- c:\windows\skcppl.dll2010-07-30 21:16 . 2010-07-30 21:18 296904 ----a-w- c:\windows\skcaset1.dll2010-07-30 21:16 . 2010-07-30 21:16 296904 ----a-w- c:\windows\system32\skcaset1.dll2010-07-30 21:16 . 2010-06-04 20:24 485320 ----a-w- c:\windows\system32\skcppl.dll2010-07-23 19:11 . 2010-07-16 21:15 542040 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\ESTsoft\ALZip\ALAd.dll2010-07-22 15:48 . 2004-08-03 15:53 590848 ----a-w- c:\windows\system32\rpcrt4.dll2010-07-22 06:19 . 2008-05-04 22:25 8192 ----a-w- c:\windows\system32\xpsp4res.dll2010-07-20 00:37 . 2010-07-20 00:37 1093632 ----a-w- c:\windows\system32\inicrypto30.dll2010-07-20 00:04 . 2010-07-20 00:04 61440 ----a-w- c:\windows\system32\kdfmod.dll2010-07-20 00:04 . 2010-07-20 00:04 373248 ----a-w- c:\windows\system32\kdfinj.dll2010-07-10 19:49 . 2010-07-10 20:00 361816 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\ESTsoft\ALCM\ALCMUpdate.exe2008-03-09 11:25 . 2010-09-25 19:36 236 ----a-w- c:\program files\Common Files\dx.reg.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]"RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-06-07 2561320]"SecuWidgetRs.exe"="c:\program files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe" [2010-09-14 390328][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]c:\documents and settings\All Users.WINDOWS\?? ??\????\??????\Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412] Ime File REG_SZ IMKR12.IME[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\OnDisk\\OnDiskHighDown.exe"="c:\\Program Files\\OnDisk\\ExpressService.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\ZioFile\\ZioFileHighDown.exe"="c:\\Program Files\\ZioFile\\ExpressService.exe"="c:\\WINDOWS\\system32\\skcbgm.exe"="c:\\Program Files\\BitTorrent\\bittorrent.exe"="c:\\WINDOWS\\system32\\fscagent.exe"="c:\\Program Files\\RayV\\RayV\\RayV.exe"="c:\\Program Files\\RayV\\RayV\\RayV.dll"="c:\\Program Files\\OnDisk\\OnDiskDown.exe"="c:\\Program Files\\QuickDownloadService\\qdownservice.exe"="c:\\Program Files\\Fdisk.co.kr\\Fdisk(fast)\\FdiskDown.exe"="c:\\Program Files\\Fdisk.co.kr\\Fdisk(fast)\\ExpressService.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 ?? 1:16 130384]R2 ExpressService;ExpressService;c:\program files\ZioFile\ExpressService.exe [2009-10-05 ?? 8:49 1306624]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-09-18 ?? 4:22 304464]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2010-06-05 ?? 4:18 88176]R2 npkakl;npkakl;c:\windows\system32\npkakl.sys [2010-03-09 ?? 11:17 31328]R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-10-30 ?? 2:23 45824]R2 QuickDownload Agent;QuickDownload Agent;c:\program files\QuickDownloadService\qdownagent.exe [2009-06-09 ?? 5:53 110592]R2 QuickDownload Service;QuickDownload Service;c:\program files\QuickDownloadService\qdownservice.exe [2009-06-09 ?? 5:53 106496]R2 QuickDownload Update;QuickDownload Update;c:\program files\QuickDownloadService\qdownupdate.exe [2009-06-09 ?? 5:53 94208]R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-09-19 ?? 7:53 36432]R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 ?? 6:19 13592]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-09-18 ?? 4:22 20952]R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-10-30 ?? 2:23 56960]R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-09-19 ?? 8:32 51792]R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-09-19 ?? 8:32 689416]S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 ?? 7:22 136176]S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-09-03 ?? 3:10 39944]S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-07-19 ?? 8:39 126048]S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 ?? 1:16 753504]S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-10-30 ?? 2:26 691696].Contents of the 'Scheduled Tasks' folder2010-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0db54a977e38.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 23:22]2010-09-29 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 10:20]..------- Supplementary Scan -------.uStart Page = about:blankIE: {{71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmal...;tid=1000105205DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cabDPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61.cabDPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cabDPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://image.cjmall.com/initech/plugin/download_2010/INIS60.cabDPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} - hxxp://www.fdisk.co.kr/mmsv/FdiskWebControl.CABDPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxps://mpi.dacom.net/XPayMPI/XPayMPIOCX.cabDPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} - hxxp://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cabDPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1_20091109.cabDPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cabDPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} - hxxp://imbbs.imbc.com/controls/BBSFileUpload.cabDPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://members.hangame.com/common/CKKeyProInst.cabDPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} - hxxp://www.nhis.co.kr/real/DWSocket_NH.cabDPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} - hxxp://143.248.182.120/applex_wdigm/activex//PrivacyScannerXP.cabDPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cabDPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} - hxxp://wo.tk.co.kr/webstarter/webstarter.cabDPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} - hxxp://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cabDPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cabDPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cabDPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} - hxxp://cs.hangame.com/hangame/js/mail/HGReport.cabDPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} - hxxp://ziofile.com/setver/ZioFileControl.cabDPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://pann.nate.com/html/editor/CyPictureU.cab?20090430DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} - hxxp://www.bomul.com/common/InnoFD/bomul_zdnet.cabDPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cabDPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} - hxxp://beefile.com/mmsv/BeefileWebControl.CABDPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdfense8237.cabDPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cabDPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} - hxxp://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cabDPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} - hxxp://ssl.makeshop.co.kr/ssl/MSecure.cabDPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} - hxxp://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cabDPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1030.cabDPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} - hxxp://muhanfile.net/p2p/ActiveX/SeverFileX.ocxDPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cabDPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.92/appx/pdpopax.cabDPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} - hxxps://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cabDPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cabDPF: {E92BD7ED-2045-4EFD-BB85-46444C9F738C} - hxxps://dn2.realscan.co.kr/data/realscan/RealScan_Launcher.cabDPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cabDPF: {F67C8301-3928-4CAC-8914-16363551D293} - hxxp://www.iprovest.com/wts/object/KbcWeb.cabDPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} - hxxp://i-plus.jssearch.net/ActiveX/IPlusInstall.cab.- - - - ORPHANS REMOVED - - - -Toolbar-Locked - (no file)HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exeAddRemove-Auto Styling Plugin - c:\program files\Auto Styling Plugin\uninst.exeAddRemove-NateAddrSrch - c:\program files\Nate\AddressSearch\uninstall.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-09-28 20:13Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]"ImagePath"="\SystemRoot\System32\drivers\afd.sy@".--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\S-1-5-21-1177238915-1677128483-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (Administrator)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,90,47,59,e3,fe,31,42,a6,3c,a2,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,7d,fd,11,f6,e8,ff,48,ba,41,92,\"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,d7,93,f5,38,36,55,4c,81,28,b9,\[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(700)c:\windows\system32\Ati2evxx.dllc:\windows\system32\IMKR12.IME.Completion time: 2010-09-28 20:16:25ComboFix-quarantined-files.txt 2010-09-29 00:16Pre-Run: 65,371,971,584 ??? ??Post-Run: 66,786,971,648 ??? ??WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect- - End Of File - - 46337C22B5FC969755C986DC66E8A0D4 Link to post Share on other sites More sharing options...
Netizen Posted September 29, 2010 Author ID:320174 Share Posted September 29, 2010 Here is OTL reportAll processes killed========== OTL ==========Error: No service named EE1FB72E was found to stop!Service\Driver key EE1FB72E not found.File C:\WINDOWS\system32\EE1FB72E.exe not found.Service MEMSWEEP2 stopped successfully!Service MEMSWEEP2 deleted successfully!File C:\WINDOWS\System32\45.tmp File not found not found.========== COMMANDS ==========[EMPTYTEMP]User: Administrator->Temp folder emptied: 57798738 bytes->Temporary Internet Files folder emptied: 33707464 bytes->Java cache emptied: 25493434 bytes->Flash cache emptied: 735 bytesUser: Administrator.MAIN1->Temp folder emptied: 56300039 bytes->Temporary Internet Files folder emptied: 62869399 bytes->Java cache emptied: 145269 bytes->Flash cache emptied: 10477 bytesUser: Administrator.MAIN1.003->Temp folder emptied: 38082319 bytes->Temporary Internet Files folder emptied: 5928475 bytes->Flash cache emptied: 405 bytesUser: ADMINI~1~MAIUser: All UsersUser: All Users.WINDOWSUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: Default User.WINDOWS->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: LocalService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: LocalService.NT AUTHORITY->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 15505872 bytes->Flash cache emptied: 633 bytesUser: LocalService.NT AUTHORITY.000->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: LocalService.NT AUTHORITY.001->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: LocalService.NT AUTHORITY.002->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: LocalService.NT AUTHORITY.003->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 157423 bytesUser: LocalService.NT AUTHORITY.004->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 869987 bytesUser: LocalService.NT AUTHORITY.005->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 461541 bytes->Flash cache emptied: 618 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 402 bytesUser: NetworkService.NT AUTHORITY->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33237 bytesUser: NetworkService.NT AUTHORITY.000->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 402 bytesUser: NetworkService.NT AUTHORITY.001->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: NetworkService.NT AUTHORITY.002->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 402 bytesUser: NetworkService.NT AUTHORITY.003->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: NetworkService.NT AUTHORITY.004->Temp folder emptied: 314934 bytes->Temporary Internet Files folder emptied: 33170 bytesUser: NetworkService.NT AUTHORITY.005->Temp folder emptied: 72160 bytes->Temporary Internet Files folder emptied: 140680 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 3328762 bytes%systemroot%\System32 .tmp files removed: 946052 bytes%systemroot%\System32\dllcache .tmp files removed: 235008 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 41351764 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytesRecycleBin emptied: 1468460865 bytesTotal Files Cleaned = 1,729.00 mbOTL by OldTimer - Version 3.2.14.1 log created on 09282010_194109Files\Folders moved on Reboot...File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\Perflib_Perfdata_684.dat not found!C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF1CF1.tmp moved successfully.C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF2006.tmp moved successfully.C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF2019.tmp moved successfully.C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF22D7.tmp moved successfully.C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF22EA.tmp moved successfully.C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\iframe[1].htm moved successfully.C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\index[1].htm moved successfully.C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
kahdah Posted September 29, 2010 ID:320178 Share Posted September 29, 2010 Update Run MalwarebytesPlease update\run Malwarebytes' Anti-Malware.Double Click the Malwarebytes Anti-Malware icon to run the application.Click on the update tab then click on Check for updates.If an update is found, it will download and install the latest version.Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.=====Please do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so be patient and let it run.Once the scan is complete, click on View scan reportNow, click on the Save Report as button.Save the file to your desktop.Copy and paste that information in your next post. Link to post Share on other sites More sharing options...
Netizen Posted September 29, 2010 Author ID:320195 Share Posted September 29, 2010 I just checked google and somehow everything works fine.Well, Thanks for Help!! I really appreciated!!! I will definitely going to donate it!!Again , Thanks~~~~ Link to post Share on other sites More sharing options...
kahdah Posted September 29, 2010 ID:320331 Share Posted September 29, 2010 Thanks for your donation I would like to check for any leftovers.So please go through with the instructions in my last post so we can wrap it up.Thank you. Link to post Share on other sites More sharing options...
Netizen Posted October 2, 2010 Author ID:321956 Share Posted October 2, 2010 Okay~Here is a report. When I was scanned..there was Trojan.Fake alert. something..But there is no indication of any infection on the report.Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4713Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187022010-09-28 ?? 9:35:17mbam-log-2010-09-28 (21-35-17).txtScan type: Quick scanObjects scanned: 260006Time elapsed: 23 minute(s), 13 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Netizen Posted October 2, 2010 Author ID:321957 Share Posted October 2, 2010 Here is Kaspersky scan reportKASPERSKY ONLINE SCANNER 7.0: scan report Saturday, October 2, 2010Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)Kaspersky Online Scanner version: 7.0.26.13Last database update: Friday, October 01, 2010 18:48:05Records in database: 4270541Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer C:\D:\E:\F:\G:\H:\ Scan statistics Objects scanned 89387 Threats found 4 Infected objects found 20 Suspicious objects found 0 Scan duration 10:23:51 File name Threat Threats count C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\BIN\atiicdxx.exe Infected: Virus.Win32.Virut.ce 1 C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\BIN\UpdatPnP.exe Infected: Virus.Win32.Virut.ce 1 C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\GARTnt\atiicdxx.exe Infected: Virus.Win32.Virut.ce 1 C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\HSFp_WinXP64\Setup64.exe Infected: Virus.Win32.Virut.ce 1 C:\Downloads\starcraft\??\??+???+??[1].zip Infected: Backdoor.Win32.Bifrose.dbzz 1 C:\Downloads\starcraft\??\??????3.6(simple).exe Infected: Backdoor.Win32.Bifrose.dbzz 1 C:\System Volume Information\_restore{0C2733B7-86FB-4FD5-A3FC-B25185BEDB4E}\RP1\A0000034.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{0C2733B7-86FB-4FD5-A3FC-B25185BEDB4E}\RP1\A0000070.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{50C6A1F2-ACB2-44AC-B040-1B354ACBE47A}\RP1\A0000036.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{50C6A1F2-ACB2-44AC-B040-1B354ACBE47A}\RP1\A0000072.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{50C6A1F2-ACB2-44AC-B040-1B354ACBE47A}\RP1\A0000191.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000162.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000339.exe Infected: Trojan-Downloader.Win32.Agent.ebsw 1 C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000349.exe Infected: Trojan-Downloader.Win32.Agent.ebsw 1 C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000415.exe Infected: Trojan-Downloader.Win32.Agent.ebsw 1 C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000422.exe Infected: Trojan-Downloader.Win32.Agent.ebsw 1 C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000466.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{78CE242E-D2F4-400E-8109-8BE32DD5C48A}\RP1\A0000030.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{78CE242E-D2F4-400E-8109-8BE32DD5C48A}\RP1\A0000066.exe Infected: Virus.Win32.Virut.ce 1 C:\System Volume Information\_restore{80C5C6EA-B565-4F44-A018-8DB1B873AFA8}\RP1\A0000103.exe Infected: P2P-Worm.Win32.Palevo.awhi 1 Selected area has been scanned. Link to post Share on other sites More sharing options...
kahdah Posted October 2, 2010 ID:321999 Share Posted October 2, 2010 Please delete these files:C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\BIN\atiicdxx.exeC:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\BIN\UpdatPnP.exe C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\GARTnt\atiicdxx.exeC:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\HSFp_WinXP64\Setup64.exe C:\Downloads\starcraft\??\??+???+??[1].zip C:\Downloads\starcraft\??\??????3.6(simple).exeCareful not to run any of those that is a very dangerous infection it will ruin your system.So make sure to be careful in handling those.=============Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply. Link to post Share on other sites More sharing options...
Netizen Posted October 2, 2010 Author ID:322065 Share Posted October 2, 2010 Here is OTL reportOTL logfile created on: 2010-10-02 ?? 7:34:42 - Run 3OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator.MAIN1\My DocumentsWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000412 | Country: ???? | Language: KOR | Date Format: yyyy-MM-dd1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 149.04 Gb Total Space | 66.25 Gb Free Space | 44.45% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedDrive I: | 931.51 Gb Total Space | 36.99 Gb Free Space | 3.97% Space Free | Partition Type: NTFSDrive J: | 14.31 Gb Total Space | 11.53 Gb Free Space | 80.59% Space Free | Partition Type: FAT32Computer Name: MAIN1Current User Name: AdministratorLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal========== Processes (SafeList) ==========PRC - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe (OldTimer Tools)PRC - C:\Program Files\ZioFile\ExpressService.exe (ExpressService)PRC - C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe (CREFREE Co., Ltd.)PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)PRC - C:\Program Files\RayV\RayV\RayV.exe (RayV)PRC - C:\Program Files\muhanfile\muhanfileClient.exe (PIPIS Media)PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)PRC - C:\Program Files\QuickDownloadService\qdownservice.exe (Innogrid, Inc)PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)PRC - C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)PRC - C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)========== Modules (SafeList) ==========MOD - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe (OldTimer Tools)MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)MOD - C:\WINDOWS\system32\IMKR12.IME (Microsoft Corporation)MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)========== Win32 Services (SafeList) ==========SRV - (ExpressService) -- C:\Program Files\ZioFile\ExpressService.exe (ExpressService)SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)SRV - (QuickDownload Service) -- C:\Program Files\QuickDownloadService\qdownservice.exe (Innogrid, Inc)SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (QuickDownload Agent) -- C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)SRV - (QuickDownload Update) -- C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)========== Driver Services (SafeList) ==========DRV - (TfSysMon) -- C:\WINDOWS\System32\drivers\TfSysMon.sys File not foundDRV - (TfNetMon) -- C:\WINDOWS\System32\drivers\TfNetMon.sys File not foundDRV - (TfFsMon) -- C:\WINDOWS\System32\drivers\TfFsMon.sys File not foundDRV - (scsk5) -- C:\WINDOWS\System32\drivers\scsk5.sys File not foundDRV - (neokdss) -- C:\WINDOWS\System32\Drivers\neokdss.sys File not foundDRV - (catchme) -- C:\DOCUME~1\ADMINI~1.MAI\LOCALS~1\Temp\catchme.sys File not foundDRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)DRV - (NOWMEMDF) -- C:\WINDOWS\system32\nowmemdf.sys (©NOWCOM)DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sy@ (Microsoft Corporation)DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)========== Standard Registry (All) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = koIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 08 8B 24 1C 5D CB 01 [binary data]IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-02 17:26:59 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-02 17:25:46 | 000,000,000 | ---D | M][2010-10-02 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Extensions[2010-10-02 16:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2010-10-02 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Firefox\Profiles\j5s9qsp7.default\extensions[2010-10-02 17:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010-10-02 17:25:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2010-08-24 22:38:21 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll[2010-08-24 22:38:21 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll[2010-08-24 22:38:21 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll[2010-08-24 20:56:13 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml[2010-08-24 20:56:13 | 000,004,573 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\danawa-kr.xml[2010-08-24 20:56:13 | 000,007,980 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\daum-kr.xml[2010-08-24 20:56:13 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml[2010-08-24 20:56:13 | 000,004,262 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\naver-kr.xml[2010-08-24 20:56:13 | 000,001,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-kr.xml[2010-08-24 20:56:13 | 000,001,103 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-kr.xmlO1 HOSTS File: ([2010-09-28 20:12:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (?TV ???) - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)O2 - BHO: (ALToolbarBho Class) - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)O3 - HKLM\..\Toolbar: (??! ??) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)O3 - HKCU\..\Toolbar\ShellBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (??(&L)) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)O4 - HKCU..\Run: [secuWidgetRs.exe] C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe (CREFREE Co., Ltd.)O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not foundO4 - Startup: C:\Documents and Settings\All Users.WINDOWS\?? ??\????\??????\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra Button: ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)O9 - Extra 'Tools' menuitem : ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)O9 - Extra Button: ????? ?? ?? - {0A07354E-A092-490f-9597-BA096721A26D} - Reg Error: Key error. File not foundO9 - Extra Button: ?? ????, 11?? - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - File not foundO9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubbox.co.kr/sticubeupdate...NowStarter2.cab (NowStarter2 Control)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} https://plugin.inicis.com/wallet61/INIwallet61.cab (INIwallet61 Control)O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://image.cjmall.com/initech/plugin/dow...2010/INIS60.cab (INISAFEWeb6 V6 Class)O16 - DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} http://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB (Fdisk File Control 1)O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab (XPayMPIOCX Control)O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} http://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab (GPKIInstallerX Class)O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} http://download.netmarble.net/ActiveX/NMAu....1_20091109.cab (NetmarbleAutoUpdater Class)O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} https://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab (NCLoaderCtl Class)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1256884841828 (WUWebControl Class)O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} http://imbbs.imbc.com/controls/BBSFileUpload.cab (BBSFileUpload Control)O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://members.hangame.com/common/CKKeyProInst.cab (XecureCKKB Class)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256985826281 (MUWebControl Class)O16 - DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} http://www.nhis.co.kr/real/DWSocket_NH.cab (DWSocket Control)O16 - DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} http://143.248.182.120/applex_wdigm/active...cyScannerXP.cab (PrivacyScannerXP Control)O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.com/Control/AutoPatchOCX.cab (AutoPatchOCX Control)O16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} http://wo.tk.co.kr/webstarter/webstarter.cab (WebStarter Control)O16 - DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} http://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab (OmlUMngClnt Class)O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://gcc.nefficient.co.kr/gcc/vista/xecu.../xw_install.cab (XecureWeb 4.0 Client Control)O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} http://download.netmarble.net/ActiveX/NMAu...nfo_1.0.0.1.cab (NetmarbleSystemIDInfo Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://cs.hangame.com/hangame/js/mail/HGReport.cab (SpecAnalyzer Class)O16 - DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} http://ziofile.com/setver/ZioFileControl.cab (Zio File Control)O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://pann.nate.com/html/editor/CyPictureU.cab?20090430 (CyImage Class)O16 - DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} http://www.bomul.com/common/InnoFD/bomul_zdnet.cab (MainCtrl Class)O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab (V3D Client Control)O16 - DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} http://beefile.com/mmsv/BeefileWebControl.CAB (Beefile File Share Control 1)O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} http://download.netmarble.net/kdefence/kdfense8237.cab (Kdfense8 Control)O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.com/sayclub/sayctl/sayax.cab (Sayclub Login Control)O16 - DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} http://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab (FileUpload_Invil Control)O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop.co.kr/ssl/MSecure.cab (MakeShop Secure Control)O16 - DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} http://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab (KVPLoginCtl Control)O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://id.hangame.com/common/HanSetup1030.cab (HanSetupCtrl1010 Class)O16 - DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} http://muhanfile.net/p2p/ActiveX/SeverFileX.ocx (AXServerFileX Control)O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworld.com/cymusic/package/skcinst.cab (SKCInst1 Class)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)O16 - DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} http://218.55.98.92/appx/pdpopax.cab (MyPdpopAX Class)O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://supdate.nprotect.net/nprotect2007/k...kcx_1004271.cab (NPKCX Control)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} https://plugin.inicis.com/banktown/wallet/p...tPmntClient.cab (BtPmntClient Class)O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photoup...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)O16 - DPF: {E92BD7ED-2045-4EFD-BB85-46444C9F738C} https://dn2.realscan.co.kr/data/realscan/Re...an_Launcher.cab (Reg Error: Key error.)O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} https://web.teledit.com/Sign/SKCommAX.cab (SKCommAX Control)O16 - DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} http://toolbar.imbc.com/toolbar/setup/MBCXeb.cab (MBCXeb Control)O16 - DPF: {F67C8301-3928-4CAC-8914-16363551D293} http://www.iprovest.com/wts/object/KbcWeb.cab (KbcWebDesk Control)O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} http://i-plus.jssearch.net/ActiveX/IPlusInstall.cab (AxIPlusInstall)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009-05-03 12:22:31 | 000,000,037 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2010-10-02 17:03:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood[2010-10-02 16:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\????[2010-10-02 16:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Mozilla[2010-10-02 16:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla[2010-09-28 20:21:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2010-09-28 20:06:53 | 000,000,000 | RHSD | C] -- C:\cmdcons[2010-09-28 20:03:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2010-09-28 20:03:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2010-09-28 20:03:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2010-09-28 20:03:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2010-09-28 20:01:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2010-09-28 19:59:26 | 000,000,000 | ---D | C] -- C:\Qoobox[2010-09-28 19:41:09 | 000,000,000 | ---D | C] -- C:\_OTL[2010-09-28 16:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva[2010-09-28 16:24:31 | 001,552,776 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\rcsetup138.exe[2010-09-27 18:22:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe[2010-09-25 21:40:30 | 001,253,712 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\wlsetup-web.exe[2010-09-25 19:52:24 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe[2010-09-25 19:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Windows-XP-WGA-Activation-Crack-reg-file[2010-09-25 19:40:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine[2010-09-25 19:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller[2010-09-25 19:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\GooredFix Backups[2010-09-25 19:36:30 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\GooredFix.exe[2010-09-25 15:36:18 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_37.dll[2010-09-25 15:36:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll[2010-09-25 15:36:18 | 000,681,472 | ---- | C] (KM-Software) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\msvcrt(DEBUG).dll[2010-09-25 15:36:18 | 000,329,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DXErr.exe[2010-09-25 15:36:18 | 000,209,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxcpl.exe[2010-09-25 15:36:18 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxgi.dll[2010-09-25 15:36:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmapi.dll[2010-09-25 15:36:17 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll[2010-09-25 15:36:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll[2010-09-25 15:36:16 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll[2010-09-25 15:36:16 | 001,162,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdllnew.dll[2010-09-25 15:36:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll[2010-09-25 15:36:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll[2010-09-25 15:36:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll[2010-09-25 15:36:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll[2010-09-25 15:36:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll[2010-09-25 15:36:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10.dll[2010-09-25 15:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final[2010-09-24 19:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Number Press[2010-09-24 18:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win[2010-09-20 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared[2010-09-20 15:51:48 | 004,413,883 | ---- | C] (isSoft ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\isposa.exe[2010-09-20 15:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPC[2010-09-19 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Demo_NumberPress_win[2010-09-19 20:32:17 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys[2010-09-19 20:32:16 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys[2010-09-19 20:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro[2010-09-19 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2010-09-19 19:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group[2010-09-19 19:53:37 | 000,661,808 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl[2010-09-19 19:53:34 | 001,331,512 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys[2010-09-19 19:53:34 | 000,249,424 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys[2010-09-19 19:53:34 | 000,089,872 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys[2010-09-19 19:53:34 | 000,036,432 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys[2010-09-19 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard[2010-09-19 16:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit[2010-09-19 16:48:32 | 037,781,272 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit.exe[2010-09-19 16:36:04 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys[2010-09-19 16:15:17 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe[2010-09-19 15:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Hijack Fix[2010-09-19 15:59:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe[2010-09-19 15:59:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE[2010-09-19 15:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DesktopHijackFix[2010-09-18 18:25:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.MAIN1\Recent[2010-09-18 18:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean[2010-09-18 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor[2010-09-18 16:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools[2010-09-18 16:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Downloads[2010-09-18 16:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GetRightToGo[2010-09-18 16:52:24 | 000,367,232 | ---- | C] (RegNow.com) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Download_7.0.0.538f-sdasetup-regnow201-AVP.exe[2010-09-18 16:36:05 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sy@[2010-09-18 16:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8[2010-09-18 16:22:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010-09-18 16:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010-09-18 16:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2010-09-18 16:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch[2010-09-18 16:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\PowerPad[2010-09-18 16:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPad[2010-09-18 16:01:40 | 007,247,857 | ---- | C] (Nathan Osman ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\PowerPad_1_3_0_0.exe[2010-09-18 15:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ezbsedemo[2010-09-18 15:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\PrintMergeNum[2010-09-18 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Numbering[2010-09-18 15:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Deployment[2010-09-18 15:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ezbdemo[2010-09-14 21:14:37 | 000,242,360 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\TeCtrl.dll[2010-09-14 21:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared[2010-09-13 16:38:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Banktown[2010-09-12 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\GPKISecureWeb[2010-09-10 18:08:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup.exe[2010-09-10 17:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos[2010-09-06 20:04:23 | 000,207,456 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe[2010-09-05 19:01:52 | 000,179,080 | ---- | C] (NKSolution) -- C:\WINDOWS\System32\uninst_everyclean.exe[2010-09-05 18:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Auto Styling Plugin[2010-09-05 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin[2010-09-03 19:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Search[2010-09-03 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\NATEON[2010-09-03 15:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\ClientKeeper[2010-09-03 15:10:13 | 000,039,944 | ---- | C] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS[2010-09-03 15:10:09 | 000,124,424 | R--- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe[2010-09-03 15:10:08 | 000,390,456 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\XecureCK.dll[2010-09-03 15:10:08 | 000,107,832 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKComObj.dll[2010-09-03 15:10:06 | 000,177,464 | ---- | C] (SoftForum Co. Ltd.) -- C:\WINDOWS\System32\CKApp.dll[2010-09-03 15:10:04 | 000,156,984 | ---- | C] (SoftForm Co. Ltd.) -- C:\WINDOWS\System32\Jrsoftcp.dll[2010-09-03 15:10:03 | 000,316,728 | ---- | C] (Softforum Co. Ltd.) -- C:\WINDOWS\System32\CKCrypto.dll[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010-10-02 19:45:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-10-02 17:27:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Mozilla Firefox.lnk[2010-10-02 17:13:36 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf[2010-10-02 16:43:02 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Administrator.MAIN1\NTUSER.DAT[2010-10-02 16:29:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat[2010-10-02 16:06:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Adobe Reader 9.lnk[2010-10-02 16:04:56 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job[2010-10-02 16:01:45 | 000,000,668 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0db54a977e38.job[2010-10-02 16:01:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010-10-02 16:01:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010-10-02 15:59:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.MAIN1\ntuser.ini[2010-10-02 15:59:28 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\IconCache.db[2010-10-02 15:55:53 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010-10-02 15:11:50 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\October 2010? ?? ??.lnk[2010-10-02 14:33:19 | 000,007,550 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\K-report.html[2010-10-02 09:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2010-10-01 16:06:37 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Internet Explorer\Quick Launch\????.url[2010-10-01 16:06:37 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\????.url[2010-09-30 15:58:53 | 000,036,291 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Sept10.pdf[2010-09-30 15:49:43 | 000,015,541 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Aug10.pdf[2010-09-30 15:46:58 | 000,068,796 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ServiceCanada001.pdf[2010-09-28 20:13:02 | 000,000,364 | ---- | M] () -- C:\WINDOWS\system.ini[2010-09-28 20:12:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010-09-28 20:06:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini[2010-09-28 19:58:59 | 003,855,377 | R--- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\ComboFix.exe[2010-09-28 16:24:52 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Recuva.lnk[2010-09-28 16:24:43 | 001,552,776 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\rcsetup138.exe[2010-09-27 18:22:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe[2010-09-27 18:13:56 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\RKUnhookerLE.EXE[2010-09-26 17:02:50 | 000,048,345 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf[2010-09-26 16:57:55 | 000,003,231 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3[2010-09-26 16:26:53 | 000,000,009 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3[2010-09-26 16:26:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath[2010-09-25 21:40:36 | 001,253,712 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\wlsetup-web.exe[2010-09-25 19:37:16 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller.zip[2010-09-25 19:36:33 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\GooredFix.exe[2010-09-25 19:01:28 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\HiJackThis.lnk[2010-09-25 19:00:35 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\HiJackThis.msi[2010-09-25 18:59:36 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe[2010-09-25 18:59:33 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE[2010-09-25 15:36:19 | 000,003,016 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat[2010-09-25 15:36:08 | 000,716,153 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe[2010-09-25 15:34:44 | 004,764,229 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final.zip[2010-09-24 19:01:32 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3[2010-09-24 19:00:38 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Number Press.lnk[2010-09-24 18:50:55 | 013,085,859 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win.zip[2010-09-20 15:52:12 | 004,413,883 | ---- | M] (isSoft ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\isposa.exe[2010-09-19 20:18:57 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Trend Micro AntiVirus plus AntiSpyware.lnk[2010-09-19 19:53:37 | 000,661,808 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl[2010-09-19 19:53:34 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys[2010-09-19 18:52:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-09-19 16:48:38 | 037,781,272 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit.exe[2010-09-19 16:15:32 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe[2010-09-18 21:20:43 | 004,719,523 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean.zip[2010-09-18 17:46:09 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Malwarebytes' Anti-Malware.lnk[2010-09-18 17:29:21 | 000,367,232 | ---- | M] (RegNow.com) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Download_7.0.0.538f-sdasetup-regnow201-AVP.exe[2010-09-18 16:03:37 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\powerpad.conf[2010-09-18 16:02:14 | 007,247,857 | ---- | M] (Nathan Osman ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\PowerPad_1_3_0_0.exe[2010-09-18 15:28:18 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\asentence.dat[2010-09-16 22:02:54 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\September 2010? ?? ??.lnk[2010-09-14 21:14:33 | 000,000,170 | ---- | M] () -- C:\WINDOWS\System32\npconf.md5[2010-09-14 21:02:47 | 000,000,310 | ---- | M] () -- C:\WINDOWS\System32\npzupdate.conf[2010-09-10 19:38:59 | 000,000,030 | ---- | M] () -- C:\Program Files\NOT[2010-09-10 18:34:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup.exe[2010-09-10 17:20:03 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sar_15_sfx.exe[2010-09-10 16:52:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\CCleaner.lnk[2010-09-10 16:52:20 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ccsetup235.exe[2010-09-08 07:18:00 | 000,021,884 | ---- | M] () -- C:\WINDOWS\System32\teexcept.dat[2010-09-06 21:32:01 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System32\p3downasx.asx[2010-09-06 20:04:23 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe[2010-09-05 19:01:57 | 000,179,080 | ---- | M] (NKSolution) -- C:\WINDOWS\System32\uninst_everyclean.exe[2010-09-04 19:51:09 | 000,000,106 | ---- | M] () -- C:\WINDOWS\msecure.ini[2010-09-04 15:52:25 | 000,126,048 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kcrtx86.sys[2010-09-04 15:52:25 | 000,017,160 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS[2010-09-04 15:52:24 | 000,039,944 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS[2010-09-03 17:20:51 | 000,001,413 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????.lnk[2010-09-03 15:10:09 | 000,124,424 | R--- | M] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2010-10-02 17:27:10 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Mozilla Firefox.lnk[2010-10-02 17:13:36 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf[2010-10-02 16:29:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2010-10-02 15:11:50 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\October 2010? ?? ??.lnk[2010-10-02 14:33:18 | 000,007,550 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\K-report.html[2010-09-30 15:58:53 | 000,036,291 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Sept10.pdf[2010-09-30 15:49:43 | 000,015,541 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Aug10.pdf[2010-09-30 15:46:58 | 000,068,796 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ServiceCanada001.pdf[2010-09-28 20:06:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak[2010-09-28 20:06:55 | 000,260,272 | RHS- | C] () -- C:\cmldr[2010-09-28 20:03:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010-09-28 20:03:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010-09-28 20:03:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2010-09-28 20:03:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2010-09-28 20:03:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2010-09-28 19:58:20 | 003,855,377 | R--- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\ComboFix.exe[2010-09-28 16:24:52 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Recuva.lnk[2010-09-27 18:13:55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\RKUnhookerLE.EXE[2010-09-25 19:54:34 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job[2010-09-25 19:37:15 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller.zip[2010-09-25 19:01:03 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\HiJackThis.lnk[2010-09-25 19:00:27 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\HiJackThis.msi[2010-09-25 15:36:18 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg[2010-09-25 15:36:15 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll[2010-09-25 15:36:15 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe[2010-09-25 15:36:14 | 000,003,016 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat[2010-09-25 15:34:42 | 004,764,229 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final.zip[2010-09-24 19:01:32 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3[2010-09-24 19:00:38 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Number Press.lnk[2010-09-24 18:50:53 | 013,085,859 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win.zip[2010-09-20 15:52:38 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL[2010-09-19 21:22:48 | 000,048,345 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf[2010-09-19 21:15:31 | 000,003,231 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3[2010-09-19 21:03:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath[2010-09-19 21:03:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3[2010-09-19 20:18:57 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Trend Micro AntiVirus plus AntiSpyware.lnk[2010-09-19 02:16:56 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-09-18 18:05:04 | 004,719,523 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean.zip[2010-09-18 16:22:22 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Malwarebytes' Anti-Malware.lnk[2010-09-18 16:02:48 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\powerpad.conf[2010-09-16 22:02:54 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\September 2010? ?? ??.lnk[2010-09-14 21:14:37 | 000,021,884 | ---- | C] () -- C:\WINDOWS\System32\teexcept.dat[2010-09-14 21:03:01 | 000,000,170 | ---- | C] () -- C:\WINDOWS\System32\npconf.md5[2010-09-14 21:02:47 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\npzupdate.conf[2010-09-10 17:19:51 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sar_15_sfx.exe[2010-09-05 19:00:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\asentence.dat[2010-09-04 19:51:09 | 000,000,106 | ---- | C] () -- C:\WINDOWS\msecure.ini[2010-09-04 17:58:32 | 001,443,224 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1061.dll[2010-09-03 17:20:51 | 000,001,413 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????.lnk[2010-08-31 17:56:45 | 000,000,030 | ---- | C] () -- C:\Program Files\NOT[2010-08-28 19:42:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\fusioncache.dat[2010-07-30 17:18:04 | 000,066,920 | ---- | C] () -- C:\WINDOWS\CMListControl.dll[2010-07-07 17:10:16 | 000,000,135 | ---- | C] () -- C:\WINDOWS\pfwbase.INI[2010-07-07 17:09:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PFW3.INI[2010-07-07 17:09:12 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Averasell.ini[2010-07-07 17:08:39 | 000,000,444 | ---- | C] () -- C:\WINDOWS\retailer.ini[2010-06-17 16:06:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini[2010-06-13 19:09:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll[2010-06-13 19:07:51 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini[2010-06-13 19:07:45 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini[2010-06-04 16:24:51 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll[2010-04-29 15:09:00 | 000,032,257 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_DefinePacket_NH.ini[2010-04-29 11:04:58 | 000,000,313 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_Set.ini[2009-11-24 09:54:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll[2009-10-30 04:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak[2009-10-30 04:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll[2009-10-30 04:15:54 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-10-30 02:24:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll[2009-04-30 23:35:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll[2009-04-10 13:19:32 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_JPN.dll[2009-04-10 13:19:26 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_CHN.dll[2009-04-10 13:19:20 | 000,103,904 | ---- | C] () -- C:\WINDOWS\System32\FU_ENG.dll[2009-04-10 13:19:14 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_KOR.dll[2009-04-06 17:16:34 | 000,596,512 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll[2008-05-26 22:23:12 | 000,011,810 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini[2008-05-26 22:23:10 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini[2008-05-26 22:23:10 | 000,011,886 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini[2008-03-20 05:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak[2008-03-20 05:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll[2008-03-13 02:19:56 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\netdrive.sys[2008-02-28 16:45:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\KvpLoginUpCom.dll[2004-06-23 12:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI[2003-08-28 15:44:28 | 000,000,211 | ---- | C] () -- C:\WINDOWS\drds.ini[2001-08-29 08:00:00 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys[2001-08-29 08:00:00 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys[2001-08-29 08:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys[2001-08-29 08:00:00 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys========== Alternate Data Streams ==========@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp:DFC5A2B2< End of report > Link to post Share on other sites More sharing options...
Netizen Posted October 3, 2010 Author ID:322088 Share Posted October 3, 2010 I am keep getting a infection (Trojan Fake Alert) from Malwarebytes' Anti-Malware....but report doesn't show any sign of infectionI am uploading a jpg file. Link to post Share on other sites More sharing options...
Recommended Posts