Jump to content

There is possible Hijack malware but I cannot find anyproblem


Netizen

Recommended Posts

Here is my HijackThis logfile

I really need help. When I click the some site(ex, Yahoo) from Google page the site direct to

http://66.45.255.230/click.php?c=7b7771ff0...c50fa456a2a7f02 here

Thanks~

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at ?? 7:02:19, on 2010-09-25

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ZioFile\ExpressService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\npkcmsvc.exe

C:\Program Files\QuickDownloadService\qdownagent.exe

C:\Program Files\QuickDownloadService\qdownupdate.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\conime.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RayV\RayV\RayV.exe

C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: gsearch - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: ALToolBar BHO - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O3 - Toolbar: ALToolBar - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: ??! ?? - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE

O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S324.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background

O4 - HKCU\..\Run: [secuWidgetRs.exe] C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')

O9 - Extra button: ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll

O9 - Extra 'Tools' menuitem: ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\PROGRA~1\GRETECH\GOMTVH~1\ghelper.dll

O9 - Extra button: ????? ?? ?? - {0A07354E-A092-490f-9597-BA096721A26D} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: ??? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Windows Live Writer? ???(&:) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: ?? ????, 11?? - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmal...;tid=1000105205 (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} (NowStarter2 Control) - http://sticube.clubbox.co.kr/sticubeupdate...NowStarter2.cab

O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} (INIwallet61 Control) - https://plugin.inicis.com/wallet61/INIwallet61.cab

O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} (OnDisk File Control) - http://ondisk.co.kr/setup/OnDiskWebControl.cab

O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://image.cjmall.com/initech/plugin/dow...2010/INIS60.cab

O16 - DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} (Fdisk File Control 1) - http://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB

O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab

O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} (GPKIInstallerX Class) - http://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab

O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} (NetmarbleAutoUpdater Class) - http://download.netmarble.net/ActiveX/NMAu....1_20091109.cab

O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} (NCLoaderCtl Class) - https://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1256884841828

O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} (BBSFileUpload Control) - http://imbbs.imbc.com/controls/BBSFileUpload.cab

O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - https://members.hangame.com/common/CKKeyProInst.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256985826281

O16 - DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} (DWSocket Control) - http://www.nhis.co.kr/real/DWSocket_NH.cab

O16 - DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} (PrivacyScannerXP Control) - http://143.248.182.120/applex_wdigm/active...cyScannerXP.cab

O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab

O16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} (WebStarter Control) - http://wo.tk.co.kr/webstarter/webstarter.cab

O16 - DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} (OmlUMngClnt Class) - http://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://gcc.nefficient.co.kr/gcc/vista/xecu.../xw_install.cab

O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} (NetmarbleSystemIDInfo Class) - http://download.netmarble.net/ActiveX/NMAu...nfo_1.0.0.1.cab

O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} (SpecAnalyzer Class) - http://cs.hangame.com/hangame/js/mail/HGReport.cab

O16 - DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} (Zio File Control) - http://ziofile.com/setver/ZioFileControl.cab

O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://pann.nate.com/html/editor/CyPictureU.cab?20090430

O16 - DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} (MainCtrl Class) - http://www.bomul.com/common/InnoFD/bomul_zdnet.cab

O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (V3D Client Control) - https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab

O16 - DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} (Beefile File Share Control 1) - http://beefile.com/mmsv/BeefileWebControl.CAB

O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.net/kdefence/kdfense8237.cab

O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Sayclub Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab

O16 - DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} (FileUpload_Invil Control) - http://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab

O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} (MakeShop Secure Control) - http://ssl.makeshop.co.kr/ssl/MSecure.cab

O16 - DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} (KVPLoginCtl Control) - http://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://id.hangame.com/common/HanSetup1030.cab

O16 - DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} (AXServerFileX Control) - http://muhanfile.net/p2p/ActiveX/SeverFileX.ocx

O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} (SKCInst1 Class) - http://cyimg7.cyworld.com/cymusic/package/skcinst.cab

O16 - DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} (MyPdpopAX Class) - http://218.55.98.92/appx/pdpopax.cab

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://supdate.nprotect.net/nprotect2007/k...kcx_1004271.cab

O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprotect.net/nprotect2007/iprovest/npz2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://plugin.inicis.com/banktown/wallet/p...tPmntClient.cab

O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab

O16 - DPF: {E92BD7ED-2045-4EFD-BB85-46444C9F738C} - https://dn2.realscan.co.kr/data/realscan/Re...an_Launcher.cab

O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - https://web.teledit.com/Sign/SKCommAX.cab

O16 - DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} (MBCXeb Control) - http://toolbar.imbc.com/toolbar/setup/MBCXeb.cab

O16 - DPF: {F67C8301-3928-4CAC-8914-16363551D293} (KbcWebDesk Control) - http://www.iprovest.com/wts/object/KbcWeb.cab

O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} (AxIPlusInstall) - http://i-plus.jssearch.net/ActiveX/IPlusInstall.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ExpressService - ExpressService - C:\Program Files\ZioFile\ExpressService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe

O23 - Service: QuickDownload Agent - Innogrid, Inc - C:\Program Files\QuickDownloadService\qdownagent.exe

O23 - Service: QuickDownload Service - Innogrid, Inc - C:\Program Files\QuickDownloadService\qdownservice.exe

O23 - Service: QuickDownload Update - Innogrid, Inc - C:\Program Files\QuickDownloadService\qdownupdate.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 15659 bytes

Link to post
Share on other sites

Hello Netizen

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

I did what you told me to do..but data is enormous

OTL logfile created on: 2010-09-27 ?? 7:25:28 - Run 2

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator.MAIN1\My Documents

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000412 | Country: ???? | Language: KOR | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 55.03 Gb Free Space | 36.92% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 14.31 Gb Total Space | 11.94 Gb Free Space | 83.44% Space Free | Partition Type: FAT32

Computer Name: MAIN1

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\EE1FB72E.exe ()

PRC - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\ZioFile\ExpressService.exe (ExpressService)

PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

PRC - C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe (CREFREE Co., Ltd.)

PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

PRC - C:\Program Files\RayV\RayV\RayV.exe (RayV)

PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)

PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)

PRC - C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)

PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\IMKR12.IME (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (EE1FB72E) -- C:\WINDOWS\system32\EE1FB72E.exe ()

SRV - (ExpressService) -- C:\Program Files\ZioFile\ExpressService.exe (ExpressService)

SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)

SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (QuickDownload Service) -- C:\Program Files\QuickDownloadService\qdownservice.exe (Innogrid, Inc)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (QuickDownload Agent) -- C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)

SRV - (QuickDownload Update) -- C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- C:\WINDOWS\System32\drivers\TfSysMon.sys File not found

DRV - (TfNetMon) -- C:\WINDOWS\System32\drivers\TfNetMon.sys File not found

DRV - (TfFsMon) -- C:\WINDOWS\System32\drivers\TfFsMon.sys File not found

DRV - (scsk5) -- C:\WINDOWS\System32\drivers\scsk5.sys File not found

DRV - (neokdss) -- C:\WINDOWS\System32\Drivers\neokdss.sys File not found

DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\45.tmp File not found

DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)

DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)

DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)

DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)

DRV - (NOWMEMDF) -- C:\WINDOWS\system32\nowmemdf.sys (©NOWCOM)

DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sy@ (Microsoft Corporation)

DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)

DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kr.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ko

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 08 8B 24 1C 5D CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010-09-19 20:13:57 | 000,000,746 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 nProtect.ncsoft.co.kr

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (?TV ???) - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (ALToolbarBho Class) - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)

O3 - HKLM\..\Toolbar: (??! ??) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (??(&L)) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)

O4 - HKCU..\Run: [secuWidgetRs.exe] C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe (CREFREE Co., Ltd.)

O4 - HKLM..\RunOnce: [TSC] C:\Program Files\Trend Micro\Internet Security\tsc.exe (Trend Micro Inc.)

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\?? ??\????\??????\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O9 - Extra Button: ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O9 - Extra 'Tools' menuitem : ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O9 - Extra Button: ????? ?? ?? - {0A07354E-A092-490f-9597-BA096721A26D} - Reg Error: Key error. File not found

O9 - Extra Button: ??? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Live Writer? ???(&:) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: ?? ????, 11?? - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubbox.co.kr/sticubeupdate...NowStarter2.cab (NowStarter2 Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} https://plugin.inicis.com/wallet61/INIwallet61.cab (INIwallet61 Control)

O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)

O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://image.cjmall.com/initech/plugin/dow...2010/INIS60.cab (INISAFEWeb6 V6 Class)

O16 - DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} http://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB (Fdisk File Control 1)

O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab (XPayMPIOCX Control)

O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} http://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab (GPKIInstallerX Class)

O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} http://download.netmarble.net/ActiveX/NMAu....1_20091109.cab (NetmarbleAutoUpdater Class)

O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} https://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab (NCLoaderCtl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1256884841828 (WUWebControl Class)

O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} http://imbbs.imbc.com/controls/BBSFileUpload.cab (BBSFileUpload Control)

O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://members.hangame.com/common/CKKeyProInst.cab (XecureCKKB Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256985826281 (MUWebControl Class)

O16 - DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} http://www.nhis.co.kr/real/DWSocket_NH.cab (DWSocket Control)

O16 - DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} http://143.248.182.120/applex_wdigm/active...cyScannerXP.cab (PrivacyScannerXP Control)

O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.com/Control/AutoPatchOCX.cab (AutoPatchOCX Control)

O16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} http://wo.tk.co.kr/webstarter/webstarter.cab (WebStarter Control)

O16 - DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} http://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab (OmlUMngClnt Class)

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://gcc.nefficient.co.kr/gcc/vista/xecu.../xw_install.cab (XecureWeb 4.0 Client Control)

O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} http://download.netmarble.net/ActiveX/NMAu...nfo_1.0.0.1.cab (NetmarbleSystemIDInfo Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://cs.hangame.com/hangame/js/mail/HGReport.cab (SpecAnalyzer Class)

O16 - DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} http://ziofile.com/setver/ZioFileControl.cab (Zio File Control)

O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://pann.nate.com/html/editor/CyPictureU.cab?20090430 (CyImage Class)

O16 - DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} http://www.bomul.com/common/InnoFD/bomul_zdnet.cab (MainCtrl Class)

O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab (V3D Client Control)

O16 - DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} http://beefile.com/mmsv/BeefileWebControl.CAB (Beefile File Share Control 1)

O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} http://download.netmarble.net/kdefence/kdfense8237.cab (Kdfense8 Control)

O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.com/sayclub/sayctl/sayax.cab (Sayclub Login Control)

O16 - DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} http://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab (FileUpload_Invil Control)

O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop.co.kr/ssl/MSecure.cab (MakeShop Secure Control)

O16 - DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} http://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab (KVPLoginCtl Control)

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://id.hangame.com/common/HanSetup1030.cab (HanSetupCtrl1010 Class)

O16 - DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} http://muhanfile.net/p2p/ActiveX/SeverFileX.ocx (AXServerFileX Control)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworld.com/cymusic/package/skcinst.cab (SKCInst1 Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} http://218.55.98.92/appx/pdpopax.cab (MyPdpopAX Class)

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://supdate.nprotect.net/nprotect2007/k...kcx_1004271.cab (NPKCX Control)

O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} http://update.nprotect.net/nprotect2007/iprovest/npz2.cab (Npz Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} https://plugin.inicis.com/banktown/wallet/p...tPmntClient.cab (BtPmntClient Class)

O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)

O16 - DPF: {E92BD7ED-2045-4EFD-BB85-46444C9F738C} https://dn2.realscan.co.kr/data/realscan/Re...an_Launcher.cab (Reg Error: Key error.)

O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} https://web.teledit.com/Sign/SKCommAX.cab (SKCommAX Control)

O16 - DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} http://toolbar.imbc.com/toolbar/setup/MBCXeb.cab (MBCXeb Control)

O16 - DPF: {F67C8301-3928-4CAC-8914-16363551D293} http://www.iprovest.com/wts/object/KbcWeb.cab (KbcWebDesk Control)

O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} http://i-plus.jssearch.net/ActiveX/IPlusInstall.cab (AxIPlusInstall)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\??.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\??.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2009-05-03 12:22:31 | 000,000,037 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{281ad56c-63be-11df-8659-0013d30d777a}\Shell\AutoRun\command - "" = awp.com

O33 - MountPoints2\{281ad56c-63be-11df-8659-0013d30d777a}\Shell\open\Command - "" = awp.com

O33 - MountPoints2\{734e2bae-cea3-11de-855a-0013d30d777a}\Shell\AutoRun\command - "" = awp.com

O33 - MountPoints2\{734e2bae-cea3-11de-855a-0013d30d777a}\Shell\open\Command - "" = awp.com

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010-09-27 18:22:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe

[2010-09-25 22:06:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010-09-25 21:40:30 | 001,253,712 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\wlsetup-web.exe

[2010-09-25 19:52:24 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010-09-25 19:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Windows-XP-WGA-Activation-Crack-reg-file

[2010-09-25 19:40:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2010-09-25 19:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller

[2010-09-25 19:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\GooredFix Backups

[2010-09-25 19:36:30 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\GooredFix.exe

[2010-09-25 15:36:18 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_37.dll

[2010-09-25 15:36:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll

[2010-09-25 15:36:18 | 000,681,472 | ---- | C] (KM-Software) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\msvcrt(DEBUG).dll

[2010-09-25 15:36:18 | 000,329,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DXErr.exe

[2010-09-25 15:36:18 | 000,209,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxcpl.exe

[2010-09-25 15:36:18 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxgi.dll

[2010-09-25 15:36:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmapi.dll

[2010-09-25 15:36:17 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll

[2010-09-25 15:36:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll

[2010-09-25 15:36:16 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll

[2010-09-25 15:36:16 | 001,162,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdllnew.dll

[2010-09-25 15:36:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll

[2010-09-25 15:36:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll

[2010-09-25 15:36:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll

[2010-09-25 15:36:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll

[2010-09-25 15:36:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll

[2010-09-25 15:36:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10.dll

[2010-09-25 15:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final

[2010-09-24 19:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Number Press

[2010-09-24 18:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win

[2010-09-20 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared

[2010-09-20 15:51:48 | 004,413,883 | ---- | C] (isSoft ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\isposa.exe

[2010-09-20 15:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPC

[2010-09-19 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Demo_NumberPress_win

[2010-09-19 20:32:17 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2010-09-19 20:32:16 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2010-09-19 20:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro

[2010-09-19 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-09-19 19:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010-09-19 19:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP

[2010-09-19 19:53:37 | 000,661,808 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl

[2010-09-19 19:53:34 | 001,322,680 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys

[2010-09-19 19:53:34 | 000,230,928 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys

[2010-09-19 19:53:34 | 000,089,872 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys

[2010-09-19 19:53:34 | 000,036,368 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys

[2010-09-19 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010-09-19 16:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit

[2010-09-19 16:48:32 | 037,781,272 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit.exe

[2010-09-19 16:36:04 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2010-09-19 16:15:17 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe

[2010-09-19 15:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Hijack Fix

[2010-09-19 15:59:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe

[2010-09-19 15:59:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE

[2010-09-19 15:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DesktopHijackFix

[2010-09-18 18:25:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.MAIN1\Recent

[2010-09-18 18:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean

[2010-09-18 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2010-09-18 16:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools

[2010-09-18 16:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Downloads

[2010-09-18 16:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GetRightToGo

[2010-09-18 16:52:24 | 000,367,232 | ---- | C] (RegNow.com) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Download_7.0.0.538f-sdasetup-regnow201-AVP.exe

[2010-09-18 16:36:05 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sy@

[2010-09-18 16:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

[2010-09-18 16:22:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-09-18 16:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-09-18 16:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010-09-18 16:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010-09-18 16:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\PowerPad

[2010-09-18 16:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPad

[2010-09-18 16:01:40 | 007,247,857 | ---- | C] (Nathan Osman ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\PowerPad_1_3_0_0.exe

[2010-09-18 15:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ezbsedemo

[2010-09-18 15:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\PrintMergeNum

[2010-09-18 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Numbering

[2010-09-18 15:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Deployment

[2010-09-18 15:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ezbdemo

[2010-09-14 21:14:37 | 000,242,360 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\TeCtrl.dll

[2010-09-14 21:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared

[2010-09-13 16:38:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Banktown

[2010-09-12 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\GPKISecureWeb

[2010-09-10 18:08:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup.exe

[2010-09-10 17:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010-09-06 20:04:23 | 000,207,456 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe

[2010-09-05 19:01:52 | 000,179,080 | ---- | C] (NKSolution) -- C:\WINDOWS\System32\uninst_everyclean.exe

[2010-09-05 18:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Auto Styling Plugin

[2010-09-05 18:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cloud-Web

[2010-09-05 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb

[2010-09-05 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin

[2010-09-03 19:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Search

[2010-09-03 17:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nate

[2010-09-03 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\NATEON

[2010-09-03 15:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\ClientKeeper

[2010-09-03 15:10:13 | 000,039,944 | ---- | C] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS

[2010-09-03 15:10:09 | 000,124,424 | R--- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe

[2010-09-03 15:10:08 | 000,390,456 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\XecureCK.dll

[2010-09-03 15:10:08 | 000,107,832 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKComObj.dll

[2010-09-03 15:10:06 | 000,177,464 | ---- | C] (SoftForum Co. Ltd.) -- C:\WINDOWS\System32\CKApp.dll

[2010-09-03 15:10:04 | 000,156,984 | ---- | C] (SoftForm Co. Ltd.) -- C:\WINDOWS\System32\Jrsoftcp.dll

[2010-09-03 15:10:03 | 000,316,728 | ---- | C] (Softforum Co. Ltd.) -- C:\WINDOWS\System32\CKCrypto.dll

[2010-08-31 17:25:22 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv9vcm.dll

[2010-08-31 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Ohmylove

[2010-08-31 16:49:22 | 000,147,456 | ---- | C] ((?)???????) -- C:\WINDOWS\System32\kcp_ansimclick.dll

[2010-08-30 20:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tcpip_optimize

[2010-08-30 20:42:42 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ccsetup235.exe

[2010-08-30 18:08:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup-1.46.exe

[2010-08-29 18:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\ASITE

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-09-27 19:39:26 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-09-27 18:22:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe

[2010-09-27 18:13:56 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\RKUnhookerLE.EXE

[2010-09-27 01:36:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010-09-26 20:42:00 | 000,000,668 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0db54a977e38.job

[2010-09-26 18:40:38 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Internet Explorer\Quick Launch\????.url

[2010-09-26 18:40:38 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\????.url

[2010-09-26 17:02:50 | 000,048,345 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf

[2010-09-26 16:57:55 | 000,003,231 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3

[2010-09-26 16:26:53 | 000,000,009 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3

[2010-09-26 16:26:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath

[2010-09-25 21:40:36 | 001,253,712 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\wlsetup-web.exe

[2010-09-25 21:04:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-09-25 21:04:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-09-25 21:03:21 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Administrator.MAIN1\NTUSER.DAT

[2010-09-25 21:03:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.MAIN1\ntuser.ini

[2010-09-25 19:48:43 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-09-25 19:37:16 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller.zip

[2010-09-25 19:36:33 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\GooredFix.exe

[2010-09-25 19:01:28 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\HiJackThis.lnk

[2010-09-25 19:00:35 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\HiJackThis.msi

[2010-09-25 18:59:36 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe

[2010-09-25 18:59:33 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE

[2010-09-25 18:06:55 | 004,807,904 | -H-- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\IconCache.db

[2010-09-25 15:36:19 | 000,003,016 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat

[2010-09-25 15:36:08 | 000,716,153 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe

[2010-09-25 15:34:44 | 004,764,229 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final.zip

[2010-09-25 09:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-09-24 19:01:32 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3

[2010-09-24 19:00:38 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Number Press.lnk

[2010-09-24 18:50:55 | 013,085,859 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win.zip

[2010-09-20 15:52:12 | 004,413,883 | ---- | M] (isSoft ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\isposa.exe

[2010-09-19 20:18:57 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Trend Micro AntiVirus plus AntiSpyware.lnk

[2010-09-19 20:13:57 | 000,000,746 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-09-19 19:53:37 | 000,661,808 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl

[2010-09-19 19:53:34 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys

[2010-09-19 18:52:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-09-19 16:48:38 | 037,781,272 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit.exe

[2010-09-19 16:15:32 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe

[2010-09-18 21:20:43 | 004,719,523 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean.zip

[2010-09-18 17:46:09 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Malwarebytes' Anti-Malware.lnk

[2010-09-18 17:29:21 | 000,367,232 | ---- | M] (RegNow.com) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Download_7.0.0.538f-sdasetup-regnow201-AVP.exe

[2010-09-18 16:03:37 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\powerpad.conf

[2010-09-18 16:02:14 | 007,247,857 | ---- | M] (Nathan Osman ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\PowerPad_1_3_0_0.exe

[2010-09-18 15:28:18 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\asentence.dat

[2010-09-16 22:02:54 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\September 2010? ?? ??.lnk

[2010-09-14 21:14:33 | 000,000,170 | ---- | M] () -- C:\WINDOWS\System32\npconf.md5

[2010-09-14 21:02:47 | 000,000,310 | ---- | M] () -- C:\WINDOWS\System32\npzupdate.conf

[2010-09-10 19:38:59 | 000,000,030 | ---- | M] () -- C:\Program Files\NOT

[2010-09-10 18:34:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup.exe

[2010-09-10 17:20:03 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sar_15_sfx.exe

[2010-09-10 16:52:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\CCleaner.lnk

[2010-09-10 16:52:20 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ccsetup235.exe

[2010-09-08 07:18:00 | 000,021,884 | ---- | M] () -- C:\WINDOWS\System32\teexcept.dat

[2010-09-06 21:32:01 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System32\p3downasx.asx

[2010-09-06 20:04:23 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe

[2010-09-05 19:01:57 | 000,179,080 | ---- | M] (NKSolution) -- C:\WINDOWS\System32\uninst_everyclean.exe

[2010-09-04 19:51:09 | 000,000,106 | ---- | M] () -- C:\WINDOWS\msecure.ini

[2010-09-04 15:52:25 | 000,126,048 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kcrtx86.sys

[2010-09-04 15:52:25 | 000,017,160 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS

[2010-09-04 15:52:24 | 000,039,944 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS

[2010-09-03 17:20:51 | 000,001,413 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????.lnk

[2010-09-03 15:10:09 | 000,124,424 | R--- | M] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe

[2010-09-01 17:09:28 | 000,126,976 | ---- | M] () -- C:\WINDOWS\KbcWebDesk.ocx

[2010-08-31 16:49:22 | 000,147,456 | ---- | M] ((?)???????) -- C:\WINDOWS\System32\kcp_ansimclick.dll

[2010-08-30 20:55:49 | 000,047,452 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\cc_20100830_205544.reg

[2010-08-30 20:44:02 | 000,371,777 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tcpip_optimize.zip

[2010-08-30 18:08:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup-1.46.exe

[2010-08-30 17:02:57 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DelDomains.inf

[2010-08-29 17:12:46 | 000,908,624 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-08-29 17:12:46 | 000,479,364 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-08-29 17:12:46 | 000,279,968 | ---- | M] () -- C:\WINDOWS\System32\perfh012.dat

[2010-08-29 17:12:46 | 000,086,234 | ---- | M] () -- C:\WINDOWS\System32\perfc012.dat

[2010-08-29 17:12:46 | 000,079,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-09-27 18:23:21 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\EE1FB72E.exe

[2010-09-27 18:13:55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\RKUnhookerLE.EXE

[2010-09-25 19:54:34 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010-09-25 19:37:15 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller.zip

[2010-09-25 19:01:03 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\HiJackThis.lnk

[2010-09-25 19:00:27 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\HiJackThis.msi

[2010-09-25 15:36:18 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg

[2010-09-25 15:36:16 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll

[2010-09-25 15:36:16 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll

[2010-09-25 15:36:16 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll

[2010-09-25 15:36:15 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll

[2010-09-25 15:36:15 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe

[2010-09-25 15:36:14 | 000,003,016 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat

[2010-09-25 15:34:42 | 004,764,229 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final.zip

[2010-09-24 19:01:32 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3

[2010-09-24 19:00:38 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Number Press.lnk

[2010-09-24 18:50:53 | 013,085,859 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win.zip

[2010-09-20 15:52:38 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL

[2010-09-19 21:22:48 | 000,048,345 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf

[2010-09-19 21:15:31 | 000,003,231 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3

[2010-09-19 21:03:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath

[2010-09-19 21:03:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3

[2010-09-19 20:18:57 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Trend Micro AntiVirus plus AntiSpyware.lnk

[2010-09-19 02:16:56 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-09-18 18:05:04 | 004,719,523 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean.zip

[2010-09-18 16:22:22 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Malwarebytes' Anti-Malware.lnk

[2010-09-18 16:02:48 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\powerpad.conf

[2010-09-16 22:02:54 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\September 2010? ?? ??.lnk

[2010-09-14 21:14:37 | 000,021,884 | ---- | C] () -- C:\WINDOWS\System32\teexcept.dat

[2010-09-14 21:03:01 | 000,000,170 | ---- | C] () -- C:\WINDOWS\System32\npconf.md5

[2010-09-14 21:02:47 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\npzupdate.conf

[2010-09-10 17:19:51 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sar_15_sfx.exe

[2010-09-05 19:00:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\asentence.dat

[2010-09-04 19:51:09 | 000,000,106 | ---- | C] () -- C:\WINDOWS\msecure.ini

[2010-09-04 17:58:32 | 001,443,224 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1061.dll

[2010-09-03 17:20:51 | 000,001,413 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????.lnk

[2010-09-01 17:09:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\KbcWebDesk.ocx

[2010-08-31 17:56:45 | 000,000,030 | ---- | C] () -- C:\Program Files\NOT

[2010-08-30 20:55:46 | 000,047,452 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\cc_20100830_205544.reg

[2010-08-30 20:44:02 | 000,371,777 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tcpip_optimize.zip

[2010-08-30 20:43:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\CCleaner.lnk

[2010-08-30 19:42:51 | 000,000,249 | ---- | C] () -- C:\WINDOWS\System32\p3downasx.asx

[2010-08-30 17:02:56 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DelDomains.inf

[2010-08-28 19:42:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\fusioncache.dat

[2010-07-30 17:18:04 | 000,066,920 | ---- | C] () -- C:\WINDOWS\CMListControl.dll

[2010-07-07 17:10:16 | 000,000,135 | ---- | C] () -- C:\WINDOWS\pfwbase.INI

[2010-07-07 17:09:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PFW3.INI

[2010-07-07 17:09:12 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Averasell.ini

[2010-07-07 17:08:39 | 000,000,444 | ---- | C] () -- C:\WINDOWS\retailer.ini

[2010-06-17 16:06:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010-06-13 19:09:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll

[2010-06-13 19:07:51 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini

[2010-06-13 19:07:45 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini

[2010-06-04 16:24:51 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll

[2010-04-29 15:09:00 | 000,032,257 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_DefinePacket_NH.ini

[2010-04-29 11:04:58 | 000,000,313 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_Set.ini

[2009-11-24 09:54:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll

[2009-10-30 04:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak

[2009-10-30 04:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll

[2009-10-30 04:15:54 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-30 02:26:42 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-10-30 02:24:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009-04-30 23:35:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009-04-10 13:19:32 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_JPN.dll

[2009-04-10 13:19:26 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_CHN.dll

[2009-04-10 13:19:20 | 000,103,904 | ---- | C] () -- C:\WINDOWS\System32\FU_ENG.dll

[2009-04-10 13:19:14 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_KOR.dll

[2009-04-06 17:16:34 | 000,596,512 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll

[2008-05-26 22:23:12 | 000,011,810 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008-05-26 22:23:10 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008-05-26 22:23:10 | 000,011,886 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008-03-20 05:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak

[2008-03-20 05:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll

[2008-03-13 02:19:56 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\netdrive.sys

[2008-02-28 16:45:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\KvpLoginUpCom.dll

[2004-06-23 12:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

[2003-08-28 15:44:28 | 000,000,211 | ---- | C] () -- C:\WINDOWS\drds.ini

[2001-08-29 08:00:00 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys

[2001-08-29 08:00:00 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys

[2001-08-29 08:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys

[2001-08-29 08:00:00 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys

========== LOP Check ==========

[2010-08-24 15:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\AppLauncher

[2010-09-24 19:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\BitTorrent

[2010-09-03 15:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\ClientKeeper

[2009-10-30 13:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Clunet

[2009-10-30 02:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools

[2009-11-09 16:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools Lite

[2009-10-30 02:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools Pro

[2010-09-18 16:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GetRightToGo

[2009-11-12 18:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GSplit

[2010-09-18 16:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\PowerPad

[2010-09-25 21:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\RayV

[2010-08-20 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Wdigm

[2010-08-28 18:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Desktop Search

[2010-09-03 19:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Search

[2009-10-30 03:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Wiz Solution

[2010-09-26 18:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Clunet

[2009-10-30 03:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite

[2010-09-23 10:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp

[2010-09-27 01:36:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009-05-03 12:22:31 | 000,000,037 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009-10-30 02:08:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2001-08-29 08:00:00 | 000,654,336 | RHS- | M] () -- C:\bootfont.bin

[2009-04-29 16:21:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009-06-13 04:11:26 | 002,565,056 | ---- | M] (IObit ) -- C:\DefragSetup.exe

[2007-08-07 00:35:10 | 000,005,325 | ---- | M] () -- C:\INISAFEWeb60.class

[2009-04-29 16:21:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009-04-29 16:21:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2007-08-07 00:35:10 | 000,155,776 | ---- | M] (INITECH ©) -- C:\npINISAFEWeb60.dll

[2007-08-07 00:35:12 | 000,004,034 | ---- | M] () -- C:\npINISAFEWeb60.xpt

[2004-08-03 09:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009-05-03 02:36:06 | 000,259,776 | RHS- | M] () -- C:\ntldr

[2010-09-25 21:04:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2009-06-10 05:44:54 | 001,079,272 | ---- | M] () -- C:\revosetup.exe

[2009-06-14 05:17:15 | 000,000,017 | ---- | M] () -- C:\selog.txt

[2009-06-17 03:20:20 | 000,194,896 | ---- | M] ((?)???? ???) -- C:\setup.exe

[2009-06-14 05:21:13 | 000,013,042 | ---- | M] () -- C:\smartupdatelog.txt

[2009-06-14 05:11:06 | 008,913,616 | ---- | M] () -- C:\tachysetup.exe

[2010-09-25 19:40:40 | 000,073,254 | ---- | M] () -- C:\TDSSKiller.2.4.2.1_25.09.2010_19.37.30_log.txt

[2010-06-28 21:16:46 | 000,000,138 | ---- | M] () -- C:\TKLog.log

[2009-06-13 04:49:02 | 000,261,295 | ---- | M] () -- C:\unlocker1.8.7.exe

[2010-08-04 17:06:52 | 000,001,926 | ---- | M] () -- C:\u_log.log

[2009-05-08 23:00:01 | 005,154,304 | ---- | M] () -- C:\WindowsDefender.msi

< %systemroot%\system32\*.dll /lockedfiles >

[2009-03-07 15:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009-03-07 15:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[2001-08-29 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101a.dll

[2001-08-17 01:55:56 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd103.dll

[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2009-10-30 11:01:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009-10-30 11:01:00 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009-10-30 11:01:00 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2010-07-19 14:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys

[2010-07-19 14:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys

[2010-07-19 14:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys

[2010-09-19 19:53:34 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008-07-06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp:DFC5A2B2

< End of report >

Hello Netizen

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

i did what you told me to do but data is enormous

OTL Extras logfile created on: 2010-09-27 ?? 6:24:38 - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator.MAIN1\My Documents

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000412 | Country: ???? | Language: KOR | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 52.66 Gb Free Space | 35.33% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 14.31 Gb Total Space | 13.65 Gb Free Space | 95.36% Space Free | Partition Type: FAT32

Computer Name: MAIN1

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [GomAudio.Add] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe /add "%1" ((?)???)

Directory [GomAudio.AddCur] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe /addcur "%1" ((?)???)

Directory [GomAudio.Play] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe "%1" ((?)???)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\OnDisk\OnDiskHighDown.exe" = C:\Program Files\OnDisk\OnDiskHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()

"C:\Program Files\OnDisk\ExpressService.exe" = C:\Program Files\OnDisk\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\ZioFile\ZioFileHighDown.exe" = C:\Program Files\ZioFile\ZioFileHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()

"C:\Program Files\ZioFile\ExpressService.exe" = C:\Program Files\ZioFile\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)

"C:\Program Files\Fdisk.co.kr\Fdisk(fast)\FdiskDown.exe" = C:\Program Files\Fdisk.co.kr\Fdisk(fast)\FdiskDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()

"C:\Program Files\Fdisk.co.kr\Fdisk(fast)\ExpressService.exe" = C:\Program Files\Fdisk.co.kr\Fdisk(fast)\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\OnDisk\OnDiskHighDown.exe" = C:\Program Files\OnDisk\OnDiskHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()

"C:\Program Files\OnDisk\ExpressService.exe" = C:\Program Files\OnDisk\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\ZioFile\ZioFileHighDown.exe" = C:\Program Files\ZioFile\ZioFileHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()

"C:\Program Files\ZioFile\ExpressService.exe" = C:\Program Files\ZioFile\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)

"C:\WINDOWS\system32\skcbgm.exe" = C:\WINDOWS\system32\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player -- (© SK Communications)

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\WINDOWS\system32\fscagent.exe" = C:\WINDOWS\system32\fscagent.exe:*:Enabled:???? ???? ?? -- (Nowcom Co., Ltd.)

"C:\Program Files\RayV\RayV\RayV.exe" = C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV -- (RayV)

"C:\Program Files\RayV\RayV\RayV.dll" = C:\Program Files\RayV\RayV\RayV.dll:*:Enabled:RayV -- (RayV)

"C:\Program Files\OnDisk\OnDiskDown.exe" = C:\Program Files\OnDisk\OnDiskDown.exe:*:Enabled:OnDiskDown -- (?????)

"C:\Program Files\QuickDownloadService\qdownservice.exe" = C:\Program Files\QuickDownloadService\qdownservice.exe:*:Enabled:QuickDownloadSvc -- (Innogrid, Inc)

"C:\Program Files\Fdisk.co.kr\Fdisk(fast)\FdiskDown.exe" = C:\Program Files\Fdisk.co.kr\Fdisk(fast)\FdiskDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()

"C:\Program Files\Fdisk.co.kr\Fdisk(fast)\ExpressService.exe" = C:\Program Files\Fdisk.co.kr\Fdisk(fast)\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\NATEON\BIN\NateOnMain.exe" = C:\Program Files\NATEON\BIN\NateOnMain.exe:*:Enabled:NATE ON -- (SK Communications)

"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live ??? ??

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{25203851-E8E6-497D-997A-56808936E6E5}" = Windows Live Call

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{2C63941E-7EBA-4024-9CEB-604ACE80E5BB}" = Windows Live ?? ???

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E1A672F-1E3C-4BF8-91BD-78FD5478EEA5}" = Microsoft .NET Framework 1.1 ??? ?? ?

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{564D4DC8-2D0F-4F95-BB3D-8C5EA7952DD7}" = Windows Live ??

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}" = ????

"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90120000-0010-0412-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Korean) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0412-0000-0000000FF1CE}" = Microsoft Office Access MUI (Korean) 2007

"{90120000-0015-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0412-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Korean) 2007

"{90120000-0016-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0412-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Korean) 2007

"{90120000-0018-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0412-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Korean) 2007

"{90120000-0019-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0412-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Korean) 2007

"{90120000-001A-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0412-0000-0000000FF1CE}" = Microsoft Office Word MUI (Korean) 2007

"{90120000-001B-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007

"{90120000-001F-0412-0000-0000000FF1CE}_PROPLUS_{B017C4D5-E774-4A94-A8E3-380489B86F47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007

"{90120000-0028-0412-0000-0000000FF1CE}_PROPLUS_{15281683-B481-47B8-A981-7043F35441FF}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0412-0000-0000000FF1CE}" = Microsoft Office Proofing (Korean) 2007

"{90120000-0044-0412-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Korean) 2007

"{90120000-0044-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0412-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Korean) 2007

"{90120000-006E-0412-0000-0000000FF1CE}_PROPLUS_{54E2904F-86F8-459E-AADA-FE0D01DDDC5E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{949102BC-7C05-4902-A4AA-A3CC01CF5163}" = Windows Live ?? ???

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro AntiVirus

"{9F3F78EB-8C52-4D09-ADE2-BA82DB64D3ED}" = Windows Live ??? ???

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support

"{A9EB7CB8-AF4C-4B46-9FBF-1B866C5EF517}" = SecuWidgetRs ????

"{AC76BA86-7AD7-1042-7B44-A93000000001}" = Adobe Reader 9.3.3 - Korean

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{B7D14513-966A-4EB1-AA48-70A9E0C0E9FA}_is1" = Number Press 5.0.1

"{B7F653CF-1BE5-4F40-BA4A-E3BBC6869116}" = ????2 Forever

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D5B157DC-8550-457E-8944-32E8C5693F7B}" = Windows Live Messenger

"{D8ED9FC9-5E05-4BFE-8219-73070F70FDBB}" = Windows Live Sync

"{E80F2EF6-1D18-4090-BBE1-C98F11E84EDE}" = Windows Live Writer

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F44CB7E4-870C-4021-B1F9-0CF352200519}_is1" = QuickDownloadService

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"11stIcon" = ?? ????, 11?? ???? ???

"???? ???" = ???? ???

"???? ???" = ???? ???

"???? ???????" = ???? ???????

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"All ATI Software" = ATI - Software Uninstall Utility

"ALToolBar_is1" = ???

"ALUpdate_is1" = ??? ????

"ALZip_is1" = ??

"ATI Display Driver" = ATI Display Driver

"Auto Mouse_is1" = Auto Mouse 1.3

"Auto Styling Plugin" = Auto Styling Plugin

"BitTorrent" = BitTorrent

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP

"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)

"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3

"DtsFilter" = DTS+AC3 ??

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"FormatFactory" = FormatFactory 2.50

"GOM Player" = ?????

"GomAudio" = ????

"GomTVHelper" = ?TV ??? ??

"GPKISM" = GPKISecureWeb

"GSplit3Set" = GSplit 3

"HanSetup" = ??? ?? ????

"HP Drive Key Boot Utility" = HP Drive Key Boot Utility

"ie8" = Windows Internet Explorer 8

"kdefense" = K-Defense8 Control - ??? ??

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MPEG2??(libmpeg2/mad)" = MPEG2??(libmpeg2/mad)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NateAddrSrch" = ??? ??? ??

"npkcxp" = nProtect KeyCrypt

"npnv4" = nProtect Netizen(remove only)

"Ohmylove" = ????? (Remove Only)

"Privacy Scanner Setup_is1" = ActiveX 1.0

"PROPLUS" = Microsoft Office Professional Plus 2007

"RayV" = RayV-MIM

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4

"Starcraft" = Starcraft

"TK_BadBall" = Game ???

"TK_ClubChat" = TKGame ????

"TK_ClubGostop" = Game ???

"TK_ClubPoker" = TKGame ????

"TK_FunMatgo" = Game ??

"TK_PozzleOnline" = Game ??

"TK_searcheye" = TKGame ???? ????

"UnINISafeWeb6" = INISafeWeb 6.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live ?? ???

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XecureCK" = ClientKeeper KeyPro with E2E for 32bit

"XecureWeb Control" = XecureWeb Control

"Yahoo! Companion" = ??! ??

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"OnDisk" = ????

"ZioFile" = ????

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2010-09-19 ?? 7:52:04 | Computer Name = MAIN1 | Source = Windows Search Service | ID = 3013

Description = ?? ?? ?? <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.MAIN1\MY DOCUMENTS\SYSCLEAN\TSC.PTN>?(?)

????? ? ????. ????: ?? ????, SystemIndex ???? ???: ???? ??? ??? ???? ????. (0x8007001f)

Error - 2010-09-19 ?? 7:52:04 | Computer Name = MAIN1 | Source = Windows Search Service | ID = 3013

Description = ?? ?? ?? <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.MAIN1\MY DOCUMENTS\SYSCLEAN\VSAPI32.DLL>?(?)

????? ? ????. ????: ?? ????, SystemIndex ???? ???: ???? ??? ??? ???? ????. (0x8007001f)

Error - 2010-09-19 ?? 7:52:04 | Computer Name = MAIN1 | Source = Windows Search Service | ID = 3013

Description = ?? ?? ?? <C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR.MAIN1\MY DOCUMENTS\SYSCLEAN\VSAPI32.DLL>?(?)

????? ? ????. ????: ?? ????, SystemIndex ???? ???: ???? ??? ??? ???? ????. (0x8007001f)

Error - 2010-09-19 ?? 7:52:53 | Computer Name = MAIN1 | Source = Windows Search Service | ID = 3013

Description = ?? ?? ?? <C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\?? ??\????\MCAFEE\MCAFEE

?? ????.LNK>?(?) ????? ? ????. ????: ?? ????, SystemIndex ???? ???: ???? ??? ???

???? ????. (0x8007001f)

Error - 2010-09-19 ?? 7:58:22 | Computer Name = MAIN1 | Source = MsiInstaller | ID = 11500

Description = Product: SpyHunter -- Error 1500. Another installation is in progress.

You must complete that installation before continuing this one.

Error - 2010-09-20 ?? 3:53:27 | Computer Name = MAIN1 | Source = Application Error | ID = 1000

Description = ?? ?? ?? ???? iexplore.exe, ?? 8.0.6001.18702, ?? ?? ?? mshtml.dll,

?? 8.0.6001.18939, ?? ?? 0x00013fdf.

Error - 2010-09-20 ?? 7:27:40 | Computer Name = MAIN1 | Source = Application Error | ID = 1000

Description = ?? ?? ?? ???? ziofilehighdown.exe, ?? 2.0.1.19, ?? ?? ?? kernel32.dll,

?? 5.1.2600.5781, ?? ?? 0x00012afb.

Error - 2010-09-24 ?? 4:40:52 | Computer Name = MAIN1 | Source = Application Error | ID = 1000

Description = ?? ?? ?? ???? ziofilehighdown.exe, ?? 2.0.1.19, ?? ?? ?? kernel32.dll,

?? 5.1.2600.5781, ?? ?? 0x00012afb.

Error - 2010-09-24 ?? 6:15:47 | Computer Name = MAIN1 | Source = Application Error | ID = 1000

Description = ?? ?? ?? ???? ziofilehighdown.exe, ?? 2.0.1.19, ?? ?? ?? unknown,

?? 0.0.0.0, ?? ?? 0x0005014c.

Error - 2010-09-26 ?? 9:24:12 | Computer Name = MAIN1 | Source = Application Error | ID = 1000

Description = ?? ?? ?? ???? iexplore.exe, ?? 8.0.6001.18702, ?? ?? ?? mshtml.dll,

?? 8.0.6001.18939, ?? ?? 0x00109174.

[ System Events ]

Error - 2010-08-14 ?? 6:23:08 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-14 ?? 6:23:08 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-14 ?? 6:23:14 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-14 ?? 6:23:18 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-14 ?? 6:23:19 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-14 ?? 6:23:25 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-14 ?? 6:23:30 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-14 ?? 10:55:15 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-15 ?? 2:59:48 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

Error - 2010-08-15 ?? 4:49:27 | Computer Name = MAIN1 | Source = Service Control Manager | ID = 7001

Description = Remote Access Connection Manager ???? ?? ?? ??? ???? ?? Telephony

???? ?????: %%1058

< End of report >

Link to post
Share on other sites

i did what you told me to do. but data is enormous

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xB85C0000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 4124672 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0xBF0CA000 C:\WINDOWS\System32\ati3duag.dll 2666496 bytes (ATI Technologies Inc. , ati3duag.dll)

0x804D9000 C:\WINDOWS\system32\ntkrnlpa.exe 2068480 bytes (Microsoft Corporation, NT Kernel & System)

0x804D9000 PnpManager 2068480 bytes

0x804D9000 RAW 2068480 bytes

0x804D9000 WMIxWDM 2068480 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xB8C10000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1585152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xADDF7000 C:\WINDOWS\system32\DRIVERS\vsapint.sys 1318912 bytes (Trend Micro Inc., VsapiNT )

0xBF355000 C:\WINDOWS\System32\ativvaxx.dll 1134592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0xB8A7F000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)

0xB9EB4000 PCI_PNP3966 995328 bytes

0xB9EB4000 spch.sys 995328 bytes

0xB9EB4000 sptd 995328 bytes

0xB89CF000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 720896 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xB9D2A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xB01B7000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB8499000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xB02D9000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xAD47D000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xADD86000 C:\WINDOWS\system32\DRIVERS\tmxpflt.sys 299008 bytes (Trend Micro Inc., Post Filter For XP)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xACE47000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 258048 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xB8563000 C:\WINDOWS\System32\Drivers\awkmg2wm.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB8B7C000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 233472 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)

0xBF094000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)

0xB84F7000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB9E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xAD5EC000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB9CFD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xAD220000 C:\WINDOWS\system32\drivers\tmcomm.sys 184320 bytes (Trend Micro Inc., TrendMicro Common Module)

0xB024F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB02B1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xB9E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xB0191000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xAC56F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xB859C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB8BD8000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB8BB5000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xB028F000 C:\WINDOWS\System32\drivers\afd.sy@ 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806D2000 ACPI_HAL 131840 bytes

0x806D2000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB9DE0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB89AF000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )

0xB9E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB9CE3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB9E00000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB0179000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xB9E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xB9DB7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB8538000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xACBAE000 C:\WINDOWS\system32\drivers\tmactmon.sys 90112 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)

0xB027A000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))

0xADA01000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB854F000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xB8BFC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xB0332000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB9DCE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB9E5D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB8527000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xBA1D8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xBA1F8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xBA138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xBA188000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xBA218000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xADB66000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xACD1F000 C:\WINDOWS\system32\drivers\tmevtmgr.sys 61440 bytes (Trend Micro Inc., TrendMicro Event Management Module)

0xBA2B8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xBA2C8000 C:\WINDOWS\system32\DRIVERS\ousb2hub.sys 57344 bytes (OrangeWare Corporation, USB 2.0 Hub Driver)

0xBA208000 C:\WINDOWS\system32\DRIVERS\redbook.sys 57344 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB8DB3000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)

0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xBA238000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xBA198000 C:\WINDOWS\system32\DRIVERS\tmpreflt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)

0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xBA228000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 49152 bytes (Microsoft Corporation, i8042 Port Driver)

0xB8DA3000 C:\WINDOWS\System32\Drivers\ousbehci.sys 49152 bytes (OrangeWare Corporation, USB 2.0 Enhanced Host Controller Driver)

0xBA258000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xBA168000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xB8D93000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xBA248000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xBA288000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xBA278000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xBA318000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xAD090000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)

0xBA0C8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xBA268000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xBA148000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xABEBC000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xBA178000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xBA400000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xBA380000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xBA468000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xBA4A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xBA4A0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xBA470000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xBA490000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xBA438000 C:\WINDOWS\system32\npkakl.sys 24576 bytes (INCA Internet Co.,Ltd., nProtect KeyCrypt Driver)

0xBA370000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xBA378000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xBA480000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xBA488000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xBA478000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xBA3F8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xBA398000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xADF89000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xAD4E8000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)

0xB9CAB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xADD76000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xB8445000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xBA59C000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)

0xB9395000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xBA578000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xBA5A0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xBA54C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xBA5F8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xBA612000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xBA5F6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xBA5FA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xBA5CA000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xBA5FC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xBA5E0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xBA5E6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xBA671000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)

0xBA73A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xBA7AD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xBA6BC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x899961F8 unknown_irp_handler 3592 bytes

0x8908C1F8 unknown_irp_handler 3592 bytes

0x890151F8 unknown_irp_handler 3592 bytes

0x899E01F8 unknown_irp_handler 3592 bytes

0x899981F8 unknown_irp_handler 3592 bytes

0x8979E1F8 unknown_irp_handler 3592 bytes

0x8981B1F8 unknown_irp_handler 3592 bytes

0x890E31F8 unknown_irp_handler 3592 bytes

0x896BB440 unknown_irp_handler 3008 bytes

0x897E9500 unknown_irp_handler 2816 bytes

0x89007500 unknown_irp_handler 2816 bytes

Link to post
Share on other sites

i did what you told me to do. but data is enormous

==============================================

>Stealth

==============================================

WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Office\OIS12.pip

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\OIS\Toolbars.dat

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Cookies\administrator@blue.crossmedia.co[5].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Cookies\administrator@nate[6].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Cookies\administrator@tiara.daum[6].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Cookies\administrator@www.daum[6].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11F002FE-CA97-11DF-8699-0013D30D777A}.dat

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A6800B5E-CA96-11DF-8699-0013D30D777A}.dat

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D382D062-CA6B-11DF-8699-0013D30D777A}.dat::$DATA

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\OIS\OIScatalog.cag

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12831370120141454[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12832416150806336[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12839292350275598[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12840770690355169[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\1284619596_351[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\1285306137_974[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12855600940182816[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12855655130434366[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\12855740970096643[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\2010092749481_2010092820651[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\2010092750911_2010092820121[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\31299299685761072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\400034(0)-550240_35677[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\blank[2].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\bs_hd_20100331[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\btn_paging3_next2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\btn_v03[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\bt_arrow_v03[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\bt_sendcheck[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\CKJeans7_100910_240x240_nate[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\coca_auth[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\cogle[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\CommonNameUI[5].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\CommonTextGNB[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\Common[3].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\Common[4].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\contentScroller[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\crossdomain[2].xml

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\dmimg_w1_bt2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\dmimg_w1_bt3[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\dmimg_w1_i01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\empty[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\expand_nor[1]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\favicon[2].ico

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\fileAttach[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\fix_ad_right[2].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\help_box[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\hmEXAPI[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\h_ajax[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\h_event[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_cmtsum2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_minus[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_plus_01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_up[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\ico_v05[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\img_dot02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\Index[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\i_ebts[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\jigu[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\l1_ationnet_com[3].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\List[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\loading_12[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\login[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\MailCompose[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\main_swf_20100125[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nak21_1_100924144249[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nanaichi_1_100907172900[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nano26634266317789072[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nano30756551545329072[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nano30756569306479072[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\nano30756589122964072[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\news_v20090930[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\num_v02[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\OhKf-Kzx0bw[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\pinkbanana_1_100618183650[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\post_20100804v1[2].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\RecentCookie[6].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\smartak[1].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\updown[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\97MQRVW1\vico_plus[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\12837520090498819[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1284456828_998[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\12845279600648736[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285293277_178[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285578981_908[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285598396_749[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285628739_984[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285630810_753[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285631433_688[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\1285632809_236[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\2010092366041_2010092485791[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\20100926_1285497350_43064800_1[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\201009280015[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\31303401261851072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\31439103.2[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\8687(9)[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\bar_icon[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\bd_superex_280x150_11_2[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\bt_arrow_a01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\bt_function[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\cocodemiel_1_100915105828[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\CommonNameUI[2].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\CommonTextGNB[3].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\Common[2].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\Common[3].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\composeUI[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\daumeditor_hanmail.esc[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\daum_1_100701154920[2].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\daum_1_100730173902[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ddress_1_100913161933[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\display_dcm[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\dmimg_v3_ico2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\editor.esc[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\editor[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\embed[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\farucam_1_100913090901[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\favicon[3].ico

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\garma_1_100910145809[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\gerio_1_100827154406.23.01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\hanmailNew[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ib0610_1_100914122146[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_beple[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_bl01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_font_arrow[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_le01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ico_twitter[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ic_newletter[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\i_arrow03[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\i_readcaution[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\mcList[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\missjini_1_100906142610[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\nano30224995164511655[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\news_data_v20090930[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ogage_1_100927101853[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\OpenSearch[1].xml

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\PaperCatePlus[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\paper[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\retrievePersonAlert_forNate[1].asp

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\secure_common[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\sency_1_100908124854[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\set_ico_realtime_pop[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\set_title_svc5[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\style1_1_100914143038[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\stylegood_1_100830230101[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\styleonme_1_100924165344[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\tabswelcome[1]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\tlswns562_1_100927130259[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\vintagebrothers_1_100914123259[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\ws2_room20_1_100907095910[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\EU26BSZM\zinif_1_100903125535[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\100928_091528659[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\1284952279_018[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\12853174910300467[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\12855655330566428[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\1285570966_445[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\12855722010672657[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\1285631047_071[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\2010092750911_2010092716551[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\2010092802010431742002[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\30157643507265655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\31303330634096072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\aden08_1_100924165541[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ade_imp[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\AdRectangleBanner[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\adSpace[3].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\adSpace[4].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ad_process[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bagazimuri_1_100917141233[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bg_layer_logout[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\btn_icon[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\btn_paging3_last2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bt_close[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bt_mail[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bt_period06_off[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\bt_period07_on[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ch_view[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\close_nor[2]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\connect[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\cyLogout[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\daum_1_100903114215[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\djsdjs_1_100916133642[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\dmimg_w1_bar2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\dmimg_w1_bt5.[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\dmimg_w1_ch1[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\drag_bg_mid[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\endudqq1_1_100920160018[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\hanmail[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\help_16[1]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\help_arrow_t[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\help_line[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ico_connecting[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ico_down[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ico_help_a01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ico_vs01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ioh0423[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\i_next[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\jsonStock[1].aspx

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\l1_ationnet_com[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\layer01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\list[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\List[2].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\minidaum2008[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\multiview[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\nano31377097320259072[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\nano31377957837024072[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\news@dual_enter_left_x22[1].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\news_data_v20090930[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\prototype[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\raa[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\rakun_1_100831151642[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\RealClickCPC[10].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\RecentCookie[6].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\searchWeatherInfo[2].xml

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\search_input_n[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\search_script_top_ci_100720[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\securelogin_nate[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\sonatural_1_100927104102[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\spe_roadview_v02[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\tx_btn[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\usedhunter_1_100916160311[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\userJS[1].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\ViewAD[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\wysiwyg_html[1].html

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\M1OLABNY\zinif_1_100909111052[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1264627875133_1[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285375604_542[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\12855436670177538[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285547182_652[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285571173_190[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285574928_249[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285630426_821[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285630712_042[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\1285631400_603[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\2010092745791_2010092716361[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\201009280444276486_b[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\30230082933164655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\31291488724194072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\activeXman2010[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\a_next[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bak_logo[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bar_mid[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\btn_refesh[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_login_s[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_mailsave[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_period03_off[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_regi_s[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bt_udel[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\bul_arrowdown02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\b_mypeople[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\chocomom_1_100927185238[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\common[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\CyLogoutMsg[1].aspx

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\cyQuick[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\daum_1_100730173845[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\daum_1_100903111710[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\dee_220x170_v01_line[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\diet26_1_100805103751[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\dmimg_v3_ico1[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\dmimg_w1_ch[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\dnshop_1_100927170355[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\fashionplus_1_100927151135[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\gseshop_1_100927151306[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\h_util[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ico_star_a001[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ic_menu003[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ic_plus[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ikai_1_100920131843[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\jsonBgmList_v20091125[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\loading_17[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\login_ifrm_level[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\menuManager[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\minidaum_v01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\nano30230263086378655[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\onestyle_1_100901102022[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\reple_v201009[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\reply[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\rs_swf_20100125[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\searchWeatherInfo[1].xml

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\searchWeatherInfo[2].xml

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\shinhan_top_430x105_0916_1[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\ssamppongbros_1_100917223659[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\SSI_20100928005012_V[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\sugg[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\takugong_1_100924135234[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\theaction_1_100830155727[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\top[1]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\tx_icon_img[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\tx_icon_img_disable[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\updown[6].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\userJS[1].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\userJS[2].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\vbt_save[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\websvc[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\MTEL7ENT\{img_src}[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\12831360520536778[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285565021_876[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\128557722473_1[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285581082458_1[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285629444_781[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285630259_175[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285632137_027[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1285632851_075[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\1[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\30195917940454655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\31341570349459072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\andstyle_1_100924135206[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\artcVod[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bg_box_v04[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bg_top_v01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\blank[2].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\btn_confirm02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\btn_c_spread[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\btn_paging3_first2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_close_n[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_none[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_period02_off[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_release[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_search04[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\bt_sendcancel[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CommonNameUI[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CommonTab[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CommonTextGNB[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CY120323_10[1].eot

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CY123323_10[1].eot

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\CY126387_10[1].eot

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\cyWebFont[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\dmimg_v_bt4_n[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\dmimg_v_ico4[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\fix_ad_center[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\fix_ad_right_side[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\hanmailNew[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\hanmail[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\helloyunsu_1_100927121021[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\httpRequester[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\ico_arrow03[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\ico_dotline01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\img_color_n[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\list[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\loading2[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\MailCompose[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\MailLeft[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\mbox[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\nano30694254799670072[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\nano31051062991339072[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\news@dual_enter_right_x22[1].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\njoyny_1_100927165009[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\oneShot[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\rank[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\sendPost[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\set_ico_realtime_arrow[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\set_tit_connect4[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\shesnara_1_100913162223[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\Skin_bs_HD_255170_100331[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\Skin_top_general_430105_100118[2].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\tootoomall_1_100924181734[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\top_20100824v1[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\tx_icon_img_hovered[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\tx_icon_img_pushed[2].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\ui_common[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\uploader[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\userJS[1].txt

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\view[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\wotonet[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\SABN65YY\xSelect[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\100914_title_newletter[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1284534904_557[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1284952149_347[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\12853134830242505[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285574934_308[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285622193447_1[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285628681_407[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285628706_829[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285631227_674[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285631307_987[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\1285633247_044[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\20100901_seoul_430x105_b[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\30151666111947655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\30166856421005655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\30232343318198655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\38843[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\46241[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\blank[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\boriboris_1_100927105548[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\btn_arrow_up[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\btn_login_v2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\btn_report3[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\bt_period04_off[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\bt_period05_off[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\cal_num01_m[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\coca_conf[1].xml

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\collapse_nor[2]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\CommonNameUI_kr[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\Common[2].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\danilove_1_100907142459[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\daumtrans[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dmimg_v3_ico1[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dmimg_w1_bt1[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dmimg_w1_bt6[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dmimg_w1_i06[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\dnshop_1_100927135337[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\DraftSave[1].daum

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\ico_help_a02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\ico_new[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\ico_persnal[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\i_auto[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\i_calendar[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\i_plus[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\jsonEmpasRealKeyword[1].aspx

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\jsonPopApps_v20100630[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\kookja_1_100927163645[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\leftmenu_on_b_n2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\livechat1[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\lotteimall_1_100927155620[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\luvme_1_100927101446[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\MailComposeFrame[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\mnu_v25[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\N2010092809114625301[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\nano30177982517913655[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\nano30231939449168655[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\nh_56x112_0813qt[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\prototype[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\raa[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\recent[1]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\search[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\SecuWidgetRs[1].ver

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\SecuWidgetRs[2].ver

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\shespop_1_100909205231[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\sms[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\StarMarker[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\unset_cookie[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\vmUB-QeuyRoJ[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\xhrAES[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\yourfesta_1_100902175128[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\zJ07TEA-NLc[4].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1284619588_256[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285306131_721[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\12855623710162384[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\12855663460637263[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285580452_726[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285630654_126[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285632263_473[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\1285632679_329[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\2010092702010431742001[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\30145838707313655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\30153959817487655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\46241[2].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\4ezzi_1_100831163130[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ActiveX[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\aorine1_1_100910163042[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bg_replay_tab[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bi_v4[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_add02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_addre_spr02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_delivery_a01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_del_a01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_icon[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_search02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\bt_spam[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\close2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\coca[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\CommonNameUI[2].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\CommonTextGNB[3].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\CommonTextGNB[4].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\daum_1_100903113847[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\dong_woori_0924_595x100[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\fashionplus_1_100927161717[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\favicon[1].ico

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\folderManage[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\gseshop_1_100908095705[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\iamyurii_1_100830140919[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ico_goodreply[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ic_menu001[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ic_new2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\im_wtool_02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\istyle24_1_100927135913[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\i_next_dim[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\i_prev_dim[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\jsonGiftStore_v20090930[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\ldh1061_1_100916235908[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\loginoutClick[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\logo2010[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\lotte_1_100927164019[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\mailLeft[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\minidaum2008[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\nano30229621658295655[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\news@text_bottom2[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\news_v20090930[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\progress_01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\queenslook_1_100920091743[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\recent[1]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\reg2[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\SameName_h_suggest[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\samsungmall_1_100924155342[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\search[4].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\section_common[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\set_ip[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\set_nate[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\shopping_data[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\superstari_1_100924135407[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\t2r_1_100917110547[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\tiara[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\xecure_blank[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UXIV83N1\Y1WKVJN2mjvXHNvXsiyl[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\100913_letter_new[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1283245263063491[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1284534990_021[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285571095_971[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285629599_255[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285631984_945[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285632789_076[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\1285633126_232[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\20100927n23626[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\30145335882079655[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31290548370763072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31299621102471072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31341511177142072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31341525791742072[1].png

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\31439103.2[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\AC_RunActiveContent[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\adBOX[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\a_next02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\a_pre02[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bgSearch_n[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bg[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bg_login2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bg_login_tab2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bl_bar[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bl_vline[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bl_vline[2].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\btn_l_input[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\btn_paging3_prev2[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\btn_user_find[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_all_a01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_arrow_01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_delbla[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_more_n[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\bt_search_n[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\cjmall_1_100927104230[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\CommonNameUI[2].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\CommonNameUI[3].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\CommonTextGNB[3].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\common[3].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\Common[4].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\Common_kr[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\gmarket_1_100927163636[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\ico_am03_n[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\ico_star_a004[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\iehouse_1_100923230207[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\img_colorbar_n[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\img_div_01[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\img_dot03[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\img_music[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\i_pre[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\l1_ationnet_com[2].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\login_20100817v1[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\minime_view[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\multiview[1].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\nano29568279477851655[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\nate_logout_v20091201[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\NewTabPageScripts[1]

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\pinkyfun_1_100927165434[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\rolling[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\search_txt[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\section_enter[1].css

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\Skin_top_blank_general_56112_100126[1].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\SSI_20100928084752_V[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\styleking7_1_100915150711[1].jpg

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\tiara[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\ticker[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\websvc[2].htm

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\xecure_nate[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\xecure_nate[2].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\xhrAES[1].js

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\zinif_1_100903130214[1].gif

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\V561I4DZ\zJ07TEA-NLc[3].swf

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\OIS\cacheFiles\bankinf_0.JPG

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF26FB.tmp

!-->[Hidden] C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DFC377.tmp

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\MSS0060E.log

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.ci

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.dir

!-->[Hidden] C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid

!-->[Hidden] C:\Downloads\2010???????????????100922\Thumbs.db

!-->[Hidden] C:\System Volume Information\_restore{80C5C6EA-B565-4F44-A018-8DB1B873AFA8}\RP21\A0007671.lnk

!-->[Hidden] C:\System Volume Information\_restore{80C5C6EA-B565-4F44-A018-8DB1B873AFA8}\RP21\A0007672.lnk

!-->[Hidden] C:\System Volume Information\_restore{80C5C6EA-B565-4F44-A018-8DB1B873AFA8}\RP21\A0007673.lnk

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x0006AA9A, Type: Inline - RelativeJump 0x80543A9A-->80543AA1 [ntkrnlpa.exe]

[1664]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F51218-->00000000 [shimeng.dll]

[1664]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77E210B4-->00000000 [shimeng.dll]

[1664]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[1664]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7D5A15A4-->00000000 [shimeng.dll]

[1664]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77CF133C-->00000000 [shimeng.dll]

[1664]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3F2314B0-->00000000 [shimeng.dll]

[1664]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719E109C-->00000000 [shimeng.dll]

[176]EXCEL.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C81495D-->00000000 [MSO.DLL]

[6100]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F51218-->00000000 [shimeng.dll]

[6100]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F51214-->00000000 [aclayers.dll]

[6100]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F5105C-->00000000 [aclayers.dll]

[6100]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F511E0-->00000000 [aclayers.dll]

[6100]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77E210B4-->00000000 [shimeng.dll]

[6100]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77E21084-->00000000 [aclayers.dll]

[6100]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77E21078-->00000000 [aclayers.dll]

[6100]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77E210B8-->00000000 [aclayers.dll]

[6100]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]

[6100]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]

[6100]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]

[6100]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]

[6100]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71981178-->00000000 [shimeng.dll]

[6100]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71981184-->00000000 [aclayers.dll]

[6100]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719811A0-->00000000 [aclayers.dll]

[6100]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7D5A15A4-->00000000 [shimeng.dll]

[6100]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7D5A13E8-->00000000 [aclayers.dll]

[6100]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7D5A163C-->00000000 [aclayers.dll]

[6100]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7D5A161C-->00000000 [aclayers.dll]

[6100]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7D5A15A0-->00000000 [aclayers.dll]

[6100]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77D0D0A3-->00000000 [ieframe.dll]

[6100]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x77D36D7D-->00000000 [ieframe.dll]

[6100]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77D12072-->00000000 [ieframe.dll]

[6100]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x77D1B144-->00000000 [ieframe.dll]

[6100]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x77D047AB-->00000000 [ieframe.dll]

[6100]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77CF133C-->00000000 [shimeng.dll]

[6100]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77CF12F4-->00000000 [aclayers.dll]

[6100]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77CF1208-->00000000 [aclayers.dll]

[6100]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77CF1340-->00000000 [aclayers.dll]

[6100]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x77D3085C-->00000000 [ieframe.dll]

[6100]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x77D30838-->00000000 [ieframe.dll]

[6100]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x77D1A082-->00000000 [ieframe.dll]

[6100]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x77D464D5-->00000000 [ieframe.dll]

[6100]iexplore.exe-->wininet.dll-->HttpOpenRequestA, Type: Inline - RelativeJump 0x3F24D508-->00000000 [McIEPlg.dll]

[6100]iexplore.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3F249088-->00000000 [McIEPlg.dll]

[6100]iexplore.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x3F24DEAE-->00000000 [McIEPlg.dll]

[6100]iexplore.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3F24654B-->00000000 [McIEPlg.dll]

[6100]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3F2314B0-->00000000 [shimeng.dll]

[6100]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3F2314B4-->00000000 [aclayers.dll]

[6100]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3F231450-->00000000 [aclayers.dll]

[6100]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3F231350-->00000000 [aclayers.dll]

[6100]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719E109C-->00000000 [shimeng.dll]

[6100]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719E10A8-->00000000 [aclayers.dll]

[896]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C7E0E27-->00000000 [mssrch.dll]

[896]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C7E0E2C [unknown_code_page]

[896]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C7E0E2D [unknown_code_page]

Link to post
Share on other sites

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.

For you this means Windows-XP-WGA-Activation-Crack-reg-file and any torrent program needs to be deleted and or uninstalled.

Please do this before proceeding.

===================================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - (EE1FB72E) -- C:\WINDOWS\system32\EE1FB72E.exe ()
    DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\45.tmp File not found

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

==========

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

Here is Combofix report

ComboFix 10-09-27.05 - Administrator 2010-09-28 20:08:10.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.1406.896 [GMT -4:00]

Running from: c:\documents and settings\Administrator.MAIN1\?? ??\ComboFix.exe

AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator.MAIN1\?? ??\?? ????, 11??.url

c:\documents and settings\Administrator.MAIN1\Favorites\?? ????, 11??.url

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin\auto_user.ini

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_cafename.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_img@sub1.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_map.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_daum_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_allblog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_cwlink.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_digg.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_flickr.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_metoday.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_mixsh.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_myspace.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_spon20.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_spon20b.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_twitter.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_yahoonews.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_etc_youtube.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_allweb.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_bestweb.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_hotopic.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_qna.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_google_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_loc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_newsrank.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_qna.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_sementic.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_shopping.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_nate_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_sranking.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\cloudweb_naver_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_cafename.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_img@sub1.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_map.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_daum_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_allblog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_cwlink.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_digg.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_flickr.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_metoday.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_mixsh.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_myspace.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_spon20.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_spon20b.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_twitter.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_yahoonews.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_etc_youtube.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_font_home.cst

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_allweb.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_bestweb.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_hotopic.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_qna.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_google_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_loc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_newsrank.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_qna.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_sementic.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_shopping.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_nate_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_sranking.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\daum_naver_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\define.dat

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\form_cst.template

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\form_data.form

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_cafename.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_img@sub1.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_bing_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_cafename.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_img@sub1.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_shopphow.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_daum_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_allblog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_cwlink.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_digg.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_flickr.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_metoday.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_mixsh.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_myspace.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_spon20.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_spon20b.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_twitter.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_yahoonews.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_etc_youtube.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_font_home.cst

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_newsrank.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_qna.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_sementic.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_shopping.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_nate_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_rsword.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_shoppinglist.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_sranking.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\google_naver_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_cafename.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_img@sub1.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_map.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_daum_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_allblog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_cwlink.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_digg.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_flickr.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_metoday.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_mixsh.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_myspace.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_spon20.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_spon20b.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_twitter.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_yahoonews.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_etc_youtube.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_font_home.cst

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_allweb.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_bestweb.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_hotopic.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_qna.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_google_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_sranking.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\nate_naver_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_cafename.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_img@sub1.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_map.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_daum_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_allblog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_cwlink.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_digg.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_flickr.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_metoday.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_mixsh.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_myspace.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_spon20.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_spon20b.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_tistory.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_twitter.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_yahoonews.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_etc_youtube.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_font_home.cst

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_allweb.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_bestweb.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_hotopic.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_qna.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_google_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_book.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_loc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_newsrank.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_qna.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_sementic.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_seq.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_shopping.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_nate_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_blog.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_cafe.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_img.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_kin.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_news.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_person.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_person2.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_related.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_site.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_sranking.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_video.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\naver_naver_webdoc.frm

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\site.dat

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\status.dat

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\user.ini

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\CloudWeb\version.dat

c:\documents and settings\Administrator.MAIN1\My Documents\cc_20100830_205544.reg

c:\documents and settings\Administrator.MAIN1\My Documents\cidaemon.exe

c:\documents and settings\Administrator\Application Data\hdnpatch.exe

c:\documents and settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\AutoStylingPlugin\auto_user.ini

c:\documents and settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\CloudWeb

c:\program files\AskSearch\bin\DefaultSearch.dll

c:\program files\Auto Styling Plugin\auto_plugin.dll

c:\program files\Auto Styling Plugin\info.url

c:\program files\Auto Styling Plugin\uninst.exe

c:\program files\Cloud-Web

c:\program files\Cloud-Web\cloud_uins.dat

c:\program files\Cloud-Web\homepage.url

c:\program files\Cloud-Web\intro.url

c:\program files\Cloud-Web\uninst.exe

c:\program files\Nate

c:\program files\Nate\AddressSearch\instcpl.ico

c:\program files\Nate\AddressSearch\intro.ico

c:\program files\Nate\AddressSearch\kl.dat

c:\program files\Nate\AddressSearch\uninstall.exe

C:\setup.exe

c:\windows\dhcp

c:\windows\system32\d3d10core.dll

c:\windows\system32\kernel32new.dll

c:\windows\system32\msvcrtnew.dll

c:\windows\system32\npkpdb.dll

c:\windows\system32\npz.ocx

.

((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))

.

2010-09-28 23:41 . 2010-09-28 23:41 -------- d-----w- C:\_OTL

2010-09-28 20:24 . 2010-09-28 20:24 -------- d-----w- c:\program files\Recuva

2010-09-25 23:52 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-09-25 23:40 . 2010-09-25 23:40 -------- d-----w- C:\TDSSKiller_Quarantine

2010-09-25 23:01 . 2010-09-25 23:01 388096 ----a-r- c:\documents and settings\Administrator.MAIN1\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-24 23:00 . 2010-09-24 23:00 -------- d-----w- c:\program files\Number Press

2010-09-20 21:46 . 2010-09-20 21:46 8675536 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip812.exe

2010-09-20 19:52 . 1999-01-20 09:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL

2010-09-20 19:52 . 2010-09-20 19:52 -------- d-----w- c:\program files\Common Files\Borland Shared

2010-09-20 19:51 . 2010-09-20 19:51 -------- d-----w- c:\program files\PowerPC

2010-09-20 00:32 . 2010-07-19 18:03 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2010-09-20 00:32 . 2010-07-19 18:03 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2010-09-20 00:18 . 2010-09-20 00:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Trend Micro

2010-09-20 00:17 . 2010-09-25 23:01 -------- d-----w- c:\program files\Trend Micro

2010-09-19 23:58 . 2010-09-19 23:58 -------- d-----w- c:\program files\Enigma Software Group

2010-09-19 23:53 . 2010-09-19 23:53 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2010-09-19 23:53 . 2010-07-30 17:29 249424 ----a-w- c:\windows\system32\drivers\tmxpflt.sys

2010-09-19 23:53 . 2010-07-30 17:29 36432 ----a-w- c:\windows\system32\drivers\tmpreflt.sys

2010-09-19 23:53 . 2010-07-30 17:06 1331512 ----a-w- c:\windows\system32\drivers\vsapint.sys

2010-09-19 22:01 . 2010-09-19 22:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-09-19 20:36 . 2010-07-19 18:02 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-09-19 19:59 . 2010-09-25 23:27 -------- d-----w- c:\program files\Desktop Hijack Fix

2010-09-19 19:59 . 2010-09-25 22:59 249856 ------w- c:\windows\Setup1.exe

2010-09-19 19:59 . 2010-09-25 22:59 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-09-19 19:45 . 2010-09-18 20:25 1085208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.exe

2010-09-19 19:45 . 2010-09-18 20:25 587032 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgiproxy.exe

2010-09-19 19:45 . 2010-09-18 20:25 1437464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll

2010-09-19 19:45 . 2010-09-18 20:25 755992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avginet.dll

2010-09-19 06:16 . 2010-09-19 22:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-19 02:15 . 2010-09-19 02:15 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.005\?? ??

2010-09-18 20:55 . 2010-09-19 21:31 -------- d-----w- c:\program files\Spyware Doctor

2010-09-18 20:55 . 2010-09-19 21:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PC Tools

2010-09-18 20:52 . 2010-09-18 20:54 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\GetRightToGo

2010-09-18 20:25 . 2010-09-19 20:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8

2010-09-18 20:22 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-18 20:22 . 2010-09-18 21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-18 20:22 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-18 20:02 . 2010-09-18 20:02 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\PowerPad

2010-09-18 20:02 . 2010-09-18 20:03 -------- d-----w- c:\program files\PowerPad

2010-09-18 19:53 . 2010-09-20 19:47 -------- d-----w- c:\program files\PrintMergeNum

2010-09-18 19:48 . 2010-09-20 01:17 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\Deployment

2010-09-15 01:14 . 2010-09-08 11:18 21884 ----a-w- c:\windows\system32\teexcept.dat

2010-09-15 01:14 . 2010-06-16 15:47 242360 ----a-w- c:\windows\system32\TeCtrl.dll

2010-09-15 01:02 . 2010-09-15 01:14 -------- d-----w- c:\program files\Common Files\INCA Shared

2010-09-13 20:38 . 2010-09-13 20:38 -------- d--h--w- c:\program files\Banktown

2010-09-12 21:13 . 2010-09-12 21:13 -------- d-----w- c:\program files\GPKISecureWeb

2010-09-10 21:20 . 2010-09-10 21:20 -------- d-----w- c:\program files\Sophos

2010-09-07 00:04 . 2010-09-07 00:04 207456 ----a-w- c:\windows\system32\npkcmsvc.exe

2010-09-05 23:01 . 2010-09-05 23:01 179080 ----a-w- c:\windows\system32\uninst_everyclean.exe

2010-09-05 23:01 . 2010-09-29 00:12 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\AutoStylingPlugin

2010-09-05 23:00 . 2010-09-18 19:28 28 ----a-w- c:\windows\system32\asentence.dat

2010-09-05 22:59 . 2010-09-29 00:12 -------- d-----w- c:\program files\Auto Styling Plugin

2010-09-05 22:59 . 2010-09-29 00:11 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin

2010-09-04 21:58 . 2010-08-12 19:26 1443224 ----a-w- c:\windows\system32\HanWebMsg1061.dll

2010-09-03 23:52 . 2010-09-03 23:52 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Windows Search

2010-09-03 21:20 . 2010-09-03 21:22 -------- d-----w- c:\program files\NATEON

2010-09-03 19:10 . 2010-09-03 19:10 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\ClientKeeper

2010-09-03 19:10 . 2010-09-04 19:52 39944 ----a-w- c:\windows\system32\JRSKD24.SYS

2010-09-03 19:10 . 2010-09-03 19:10 124424 ----a-r- c:\windows\system32\CKAgent.exe

2010-09-03 19:10 . 2009-10-15 23:54 107832 ----a-w- c:\windows\system32\CKComObj.dll

2010-09-03 19:10 . 2009-10-15 23:54 390456 ----a-w- c:\windows\system32\XecureCK.dll

2010-09-03 19:10 . 2009-10-15 23:54 177464 ----a-w- c:\windows\system32\CKApp.dll

2010-09-03 19:10 . 2009-10-15 23:54 156984 ----a-w- c:\windows\system32\Jrsoftcp.dll

2010-09-03 19:10 . 2009-10-15 23:54 316728 ----a-w- c:\windows\system32\CKCrypto.dll

2010-08-31 21:25 . 2003-06-23 15:44 1415680 ----a-w- c:\windows\system32\wmv9vcm.dll

2010-08-31 21:20 . 2010-09-05 20:35 -------- d-----w- c:\program files\Ohmylove

2010-08-31 20:49 . 2010-08-31 20:49 147456 ----a-w- c:\windows\system32\kcp_ansimclick.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-29 00:13 . 2009-06-09 09:53 -------- d-----w- c:\program files\QuickDownloadService

2010-09-28 22:18 . 2010-06-04 19:48 -------- d-----w- c:\program files\muhanfile

2010-09-28 19:03 . 2009-05-29 18:30 -------- d-----w- c:\program files\Windows Live

2010-09-28 00:18 . 2009-10-30 17:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Clunet

2010-09-26 01:42 . 2009-05-29 18:31 -------- d-----w- c:\program files\Microsoft

2010-09-26 01:04 . 2010-06-15 04:09 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\RayV

2010-09-25 22:09 . 2009-05-03 10:20 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-25 22:01 . 2009-10-30 06:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help

2010-09-25 19:36 . 2010-09-25 19:36 3016 ----a-w- c:\windows\system32\unins000.dat

2010-09-25 19:36 . 2010-09-25 19:36 716153 ----a-w- c:\windows\system32\unins000.exe

2010-09-24 23:18 . 2010-06-13 23:04 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\BitTorrent

2010-09-24 20:41 . 2010-06-04 19:58 -------- d-----w- c:\program files\ZioFile

2010-09-23 14:32 . 2009-10-30 17:40 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Temp

2010-09-20 01:01 . 2009-10-30 07:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2010-09-20 00:18 . 2009-10-30 06:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee

2010-09-20 00:17 . 2009-05-01 12:21 -------- d-----w- c:\program files\McAfee

2010-09-20 00:17 . 2009-05-01 12:21 -------- d-----w- c:\program files\Common Files\McAfee

2010-09-15 00:44 . 2009-11-09 21:57 -------- d-----w- c:\program files\NCLoader

2010-09-11 01:52 . 2010-06-05 23:08 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Malwarebytes

2010-09-11 01:52 . 2010-06-05 23:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2010-09-10 23:38 . 2010-08-31 21:56 30 ----a-w- c:\program files\NOT

2010-09-10 20:52 . 2009-04-29 20:48 -------- d-----w- c:\program files\CCleaner

2010-09-04 22:57 . 2010-07-16 23:59 -------- d-----w- c:\program files\iplus

2010-09-04 19:52 . 2010-07-20 00:39 17160 ----a-w- c:\windows\system32\JRSUKD25.SYS

2010-09-04 19:52 . 2010-07-20 00:39 126048 ----a-w- c:\windows\system32\kcrtx86.sys

2010-09-04 07:52 . 2009-06-30 18:05 -------- d-----w- c:\program files\OnDisk

2010-09-03 21:20 . 2009-04-29 20:30 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-29 22:20 . 2010-06-13 23:04 -------- d-----w- c:\program files\BitTorrent

2010-08-29 22:05 . 2010-08-29 22:04 -------- d-----w- c:\program files\ASITE

2010-08-29 21:12 . 2001-08-29 12:00 86234 ----a-w- c:\windows\system32\perfc012.dat

2010-08-29 21:12 . 2001-08-29 12:00 279968 ----a-w- c:\windows\system32\perfh012.dat

2010-08-29 00:13 . 2010-08-28 22:29 -------- d-----w- c:\program files\Windows Desktop Search

2010-08-28 23:42 . 2010-08-28 23:42 142 ----a-w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\fusioncache.dat

2010-08-28 23:39 . 2010-08-28 23:39 -------- d-----w- c:\program files\beefile.com

2010-08-28 23:04 . 2009-05-01 10:47 -------- d-----w- c:\program files\Microsoft.NET

2010-08-28 22:58 . 2010-08-28 22:58 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2010-08-28 22:49 . 2010-06-20 04:33 83992 ----a-w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-28 22:30 . 2010-08-28 22:30 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Windows Desktop Search

2010-08-28 22:27 . 2010-08-28 22:27 -------- d-----w- c:\program files\Windows Media Connect 2

2010-08-25 00:50 . 2010-08-25 00:50 -------- d-----w- c:\program files\FreeTime

2010-08-24 23:41 . 2010-08-24 23:33 -------- d-----w- c:\program files\QuickTime

2010-08-24 23:39 . 2010-08-24 23:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer

2010-08-24 23:37 . 2010-08-24 23:37 -------- d-----w- c:\program files\Common Files\Apple

2010-08-24 23:37 . 2010-08-24 23:37 -------- d-----w- c:\program files\Apple Software Update

2010-08-24 23:37 . 2010-08-24 23:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple

2010-08-24 19:52 . 2010-08-24 19:52 -------- d-----w- c:\program files\DataDoctorRecovery

2010-08-24 19:21 . 2010-08-23 19:50 770048 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\MakeBootable.exe

2010-08-24 19:21 . 2010-08-23 19:50 667648 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\Data Recovery.exe

2010-08-24 19:21 . 2010-08-23 19:50 561152 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\PCLock.exe

2010-08-24 19:21 . 2010-08-23 19:50 53248 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\WinLockDLL.dll

2010-08-24 19:21 . 2010-08-23 19:50 462848 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\SecretZip.exe

2010-08-24 19:21 . 2010-08-23 19:50 2695168 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\DataSync.exe

2010-08-24 19:21 . 2010-08-23 19:50 208896 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\Reset.exe

2010-08-24 19:21 . 2010-08-23 19:50 1294336 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher\LOCK.exe

2010-08-24 19:21 . 2010-08-23 19:50 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\AppLauncher

2010-08-23 20:00 . 2010-08-23 20:00 -------- d-----w- c:\program files\Compaq

2010-08-20 20:17 . 2010-07-20 00:04 73728 ----a-w- c:\windows\system32\kdfapi.dll

2010-08-20 20:17 . 2010-07-20 00:04 47104 ----a-w- c:\windows\system32\Kdfhok.dll

2010-08-20 20:17 . 2010-07-20 00:04 159744 ----a-w- c:\windows\system32\kdfmgr.exe

2010-08-20 19:48 . 2010-08-20 19:47 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Wdigm

2010-08-20 19:48 . 2010-08-20 19:47 707354 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Wdigm\unins000.exe

2010-08-17 20:10 . 2010-08-17 20:10 -------- d-----w- c:\program files\CREFREE

2010-08-17 13:17 . 2004-08-03 15:53 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-17 00:16 . 2010-08-17 00:16 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-05 20:14 . 2010-08-05 20:14 503808 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7100f383-n\msvcp71.dll

2010-08-05 20:14 . 2010-08-05 20:14 61440 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39dea26a-n\decora-sse.dll

2010-08-05 20:14 . 2010-08-05 20:14 499712 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7100f383-n\jmc.dll

2010-08-05 20:14 . 2010-08-05 20:14 348160 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7100f383-n\msvcr71.dll

2010-08-05 20:14 . 2010-08-05 20:14 12800 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-39dea26a-n\decora-d3d.dll

2010-07-30 21:16 . 2010-07-30 21:18 485320 ----a-w- c:\windows\skcppl.dll

2010-07-30 21:16 . 2010-07-30 21:18 296904 ----a-w- c:\windows\skcaset1.dll

2010-07-30 21:16 . 2010-07-30 21:16 296904 ----a-w- c:\windows\system32\skcaset1.dll

2010-07-30 21:16 . 2010-06-04 20:24 485320 ----a-w- c:\windows\system32\skcppl.dll

2010-07-23 19:11 . 2010-07-16 21:15 542040 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\ESTsoft\ALZip\ALAd.dll

2010-07-22 15:48 . 2004-08-03 15:53 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 06:19 . 2008-05-04 22:25 8192 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-20 00:37 . 2010-07-20 00:37 1093632 ----a-w- c:\windows\system32\inicrypto30.dll

2010-07-20 00:04 . 2010-07-20 00:04 61440 ----a-w- c:\windows\system32\kdfmod.dll

2010-07-20 00:04 . 2010-07-20 00:04 373248 ----a-w- c:\windows\system32\kdfinj.dll

2010-07-10 19:49 . 2010-07-10 20:00 361816 ----a-w- c:\documents and settings\Administrator.MAIN1\Application Data\ESTsoft\ALCM\ALCMUpdate.exe

2008-03-09 11:25 . 2010-09-25 19:36 236 ----a-w- c:\program files\Common Files\dx.reg

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-06-07 2561320]

"SecuWidgetRs.exe"="c:\program files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe" [2010-09-14 390328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]

"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\?? ??\????\??????\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]

Ime File REG_SZ IMKR12.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\OnDisk\\OnDiskHighDown.exe"=

"c:\\Program Files\\OnDisk\\ExpressService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\ZioFile\\ZioFileHighDown.exe"=

"c:\\Program Files\\ZioFile\\ExpressService.exe"=

"c:\\WINDOWS\\system32\\skcbgm.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\fscagent.exe"=

"c:\\Program Files\\RayV\\RayV\\RayV.exe"=

"c:\\Program Files\\RayV\\RayV\\RayV.dll"=

"c:\\Program Files\\OnDisk\\OnDiskDown.exe"=

"c:\\Program Files\\QuickDownloadService\\qdownservice.exe"=

"c:\\Program Files\\Fdisk.co.kr\\Fdisk(fast)\\FdiskDown.exe"=

"c:\\Program Files\\Fdisk.co.kr\\Fdisk(fast)\\ExpressService.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 ?? 1:16 130384]

R2 ExpressService;ExpressService;c:\program files\ZioFile\ExpressService.exe [2009-10-05 ?? 8:49 1306624]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-09-18 ?? 4:22 304464]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [2010-06-05 ?? 4:18 88176]

R2 npkakl;npkakl;c:\windows\system32\npkakl.sys [2010-03-09 ?? 11:17 31328]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-10-30 ?? 2:23 45824]

R2 QuickDownload Agent;QuickDownload Agent;c:\program files\QuickDownloadService\qdownagent.exe [2009-06-09 ?? 5:53 110592]

R2 QuickDownload Service;QuickDownload Service;c:\program files\QuickDownloadService\qdownservice.exe [2009-06-09 ?? 5:53 106496]

R2 QuickDownload Update;QuickDownload Update;c:\program files\QuickDownloadService\qdownupdate.exe [2009-06-09 ?? 5:53 94208]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-09-19 ?? 7:53 36432]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 ?? 6:19 13592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-09-18 ?? 4:22 20952]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-10-30 ?? 2:23 56960]

R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-09-19 ?? 8:32 51792]

R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-09-19 ?? 8:32 689416]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 ?? 7:22 136176]

S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-09-03 ?? 3:10 39944]

S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-07-19 ?? 8:39 126048]

S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 ?? 1:16 753504]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-10-30 ?? 2:26 691696]

.

Contents of the 'Scheduled Tasks' folder

2010-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0db54a977e38.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 23:22]

2010-09-29 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 10:20]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: {{71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmal...;tid=1000105205

DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab

DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61.cab

DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab

DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://image.cjmall.com/initech/plugin/download_2010/INIS60.cab

DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} - hxxp://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB

DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxps://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab

DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} - hxxp://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab

DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1_20091109.cab

DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab

DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} - hxxp://imbbs.imbc.com/controls/BBSFileUpload.cab

DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://members.hangame.com/common/CKKeyProInst.cab

DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} - hxxp://www.nhis.co.kr/real/DWSocket_NH.cab

DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} - hxxp://143.248.182.120/applex_wdigm/activex//PrivacyScannerXP.cab

DPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cab

DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} - hxxp://wo.tk.co.kr/webstarter/webstarter.cab

DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} - hxxp://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab

DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cab

DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab

DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} - hxxp://cs.hangame.com/hangame/js/mail/HGReport.cab

DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} - hxxp://ziofile.com/setver/ZioFileControl.cab

DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://pann.nate.com/html/editor/CyPictureU.cab?20090430

DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} - hxxp://www.bomul.com/common/InnoFD/bomul_zdnet.cab

DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab

DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} - hxxp://beefile.com/mmsv/BeefileWebControl.CAB

DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdfense8237.cab

DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab

DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} - hxxp://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab

DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} - hxxp://ssl.makeshop.co.kr/ssl/MSecure.cab

DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} - hxxp://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1030.cab

DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} - hxxp://muhanfile.net/p2p/ActiveX/SeverFileX.ocx

DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab

DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.92/appx/pdpopax.cab

DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} - hxxps://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cab

DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab

DPF: {E92BD7ED-2045-4EFD-BB85-46444C9F738C} - hxxps://dn2.realscan.co.kr/data/realscan/RealScan_Launcher.cab

DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cab

DPF: {F67C8301-3928-4CAC-8914-16363551D293} - hxxp://www.iprovest.com/wts/object/KbcWeb.cab

DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} - hxxp://i-plus.jssearch.net/ActiveX/IPlusInstall.cab

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

AddRemove-Auto Styling Plugin - c:\program files\Auto Styling Plugin\uninst.exe

AddRemove-NateAddrSrch - c:\program files\Nate\AddressSearch\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-28 20:13

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sy@"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1677128483-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,90,47,59,e3,fe,31,42,a6,3c,a2,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,7d,fd,11,f6,e8,ff,48,ba,41,92,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,d7,93,f5,38,36,55,4c,81,28,b9,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\IMKR12.IME

.

Completion time: 2010-09-28 20:16:25

ComboFix-quarantined-files.txt 2010-09-29 00:16

Pre-Run: 65,371,971,584 ??? ??

Post-Run: 66,786,971,648 ??? ??

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 46337C22B5FC969755C986DC66E8A0D4

Link to post
Share on other sites

Here is OTL report

All processes killed

========== OTL ==========

Error: No service named EE1FB72E was found to stop!

Service\Driver key EE1FB72E not found.

File C:\WINDOWS\system32\EE1FB72E.exe not found.

Service MEMSWEEP2 stopped successfully!

Service MEMSWEEP2 deleted successfully!

File C:\WINDOWS\System32\45.tmp File not found not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 57798738 bytes

->Temporary Internet Files folder emptied: 33707464 bytes

->Java cache emptied: 25493434 bytes

->Flash cache emptied: 735 bytes

User: Administrator.MAIN1

->Temp folder emptied: 56300039 bytes

->Temporary Internet Files folder emptied: 62869399 bytes

->Java cache emptied: 145269 bytes

->Flash cache emptied: 10477 bytes

User: Administrator.MAIN1.003

->Temp folder emptied: 38082319 bytes

->Temporary Internet Files folder emptied: 5928475 bytes

->Flash cache emptied: 405 bytes

User: ADMINI~1~MAI

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 15505872 bytes

->Flash cache emptied: 633 bytes

User: LocalService.NT AUTHORITY.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY.001

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY.002

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY.003

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 157423 bytes

User: LocalService.NT AUTHORITY.004

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 869987 bytes

User: LocalService.NT AUTHORITY.005

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 461541 bytes

->Flash cache emptied: 618 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

User: NetworkService.NT AUTHORITY.000

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY.001

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY.002

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY.003

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY.004

->Temp folder emptied: 314934 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY.005

->Temp folder emptied: 72160 bytes

->Temporary Internet Files folder emptied: 140680 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 3328762 bytes

%systemroot%\System32 .tmp files removed: 946052 bytes

%systemroot%\System32\dllcache .tmp files removed: 235008 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 41351764 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes

RecycleBin emptied: 1468460865 bytes

Total Files Cleaned = 1,729.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09282010_194109

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\Perflib_Perfdata_684.dat not found!

C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF1CF1.tmp moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF2006.tmp moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF2019.tmp moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF22D7.tmp moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DF22EA.tmp moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\iframe[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\Content.IE5\UDX4QPRY\index[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Link to post
Share on other sites

Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.

=====

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Link to post
Share on other sites

Okay~

Here is a report. When I was scanned..there was Trojan.Fake alert. something..

But there is no indication of any infection on the report.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4713

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2010-09-28 ?? 9:35:17

mbam-log-2010-09-28 (21-35-17).txt

Scan type: Quick scan

Objects scanned: 260006

Time elapsed: 23 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Here is Kaspersky scan report

KASPERSKY ONLINE SCANNER 7.0: scan report

Saturday, October 2, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, October 01, 2010 18:48:05

Records in database: 4270541

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area My Computer

C:\

D:\

E:\

F:\

G:\

H:\

Scan statistics

Objects scanned 89387

Threats found 4

Infected objects found 20

Suspicious objects found 0

Scan duration 10:23:51

File name Threat Threats count

C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\BIN\atiicdxx.exe Infected: Virus.Win32.Virut.ce 1

C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\BIN\UpdatPnP.exe Infected: Virus.Win32.Virut.ce 1

C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\GARTnt\atiicdxx.exe Infected: Virus.Win32.Virut.ce 1

C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\HSFp_WinXP64\Setup64.exe Infected: Virus.Win32.Virut.ce 1

C:\Downloads\starcraft\??\??+???+??[1].zip Infected: Backdoor.Win32.Bifrose.dbzz 1

C:\Downloads\starcraft\??\??????3.6(simple).exe Infected: Backdoor.Win32.Bifrose.dbzz 1

C:\System Volume Information\_restore{0C2733B7-86FB-4FD5-A3FC-B25185BEDB4E}\RP1\A0000034.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{0C2733B7-86FB-4FD5-A3FC-B25185BEDB4E}\RP1\A0000070.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{50C6A1F2-ACB2-44AC-B040-1B354ACBE47A}\RP1\A0000036.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{50C6A1F2-ACB2-44AC-B040-1B354ACBE47A}\RP1\A0000072.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{50C6A1F2-ACB2-44AC-B040-1B354ACBE47A}\RP1\A0000191.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000162.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000339.exe Infected: Trojan-Downloader.Win32.Agent.ebsw 1

C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000349.exe Infected: Trojan-Downloader.Win32.Agent.ebsw 1

C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000415.exe Infected: Trojan-Downloader.Win32.Agent.ebsw 1

C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000422.exe Infected: Trojan-Downloader.Win32.Agent.ebsw 1

C:\System Volume Information\_restore{677E5109-7917-47A9-BB19-21B0C3428117}\RP2\A0000466.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{78CE242E-D2F4-400E-8109-8BE32DD5C48A}\RP1\A0000030.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{78CE242E-D2F4-400E-8109-8BE32DD5C48A}\RP1\A0000066.exe Infected: Virus.Win32.Virut.ce 1

C:\System Volume Information\_restore{80C5C6EA-B565-4F44-A018-8DB1B873AFA8}\RP1\A0000103.exe Infected: P2P-Worm.Win32.Palevo.awhi 1

Selected area has been scanned.

Link to post
Share on other sites

Please delete these files:

C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\BIN\atiicdxx.exe

C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\BIN\UpdatPnP.exe

C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\219\GARTnt\atiicdxx.exe

C:\Documents and Settings\Administrator.MAIN1\My Documents\Downloads\HSFp_WinXP64\Setup64.exe

C:\Downloads\starcraft\??\??+???+??[1].zip

C:\Downloads\starcraft\??\??????3.6(simple).exe

Careful not to run any of those that is a very dangerous infection it will ruin your system.

So make sure to be careful in handling those.

=============

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Link to post
Share on other sites

Here is OTL report

OTL logfile created on: 2010-10-02 ?? 7:34:42 - Run 3

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator.MAIN1\My Documents

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000412 | Country: ???? | Language: KOR | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 66.25 Gb Free Space | 44.45% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 931.51 Gb Total Space | 36.99 Gb Free Space | 3.97% Space Free | Partition Type: NTFS

Drive J: | 14.31 Gb Total Space | 11.53 Gb Free Space | 80.59% Space Free | Partition Type: FAT32

Computer Name: MAIN1

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\ZioFile\ExpressService.exe (ExpressService)

PRC - C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe (CREFREE Co., Ltd.)

PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

PRC - C:\Program Files\RayV\RayV\RayV.exe (RayV)

PRC - C:\Program Files\muhanfile\muhanfileClient.exe (PIPIS Media)

PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\QuickDownloadService\qdownservice.exe (Innogrid, Inc)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)

PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

PRC - C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)

PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)

PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\IMKR12.IME (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (ExpressService) -- C:\Program Files\ZioFile\ExpressService.exe (ExpressService)

SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)

SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (QuickDownload Service) -- C:\Program Files\QuickDownloadService\qdownservice.exe (Innogrid, Inc)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (QuickDownload Agent) -- C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (QuickDownload Update) -- C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)

SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- C:\WINDOWS\System32\drivers\TfSysMon.sys File not found

DRV - (TfNetMon) -- C:\WINDOWS\System32\drivers\TfNetMon.sys File not found

DRV - (TfFsMon) -- C:\WINDOWS\System32\drivers\TfFsMon.sys File not found

DRV - (scsk5) -- C:\WINDOWS\System32\drivers\scsk5.sys File not found

DRV - (neokdss) -- C:\WINDOWS\System32\Drivers\neokdss.sys File not found

DRV - (catchme) -- C:\DOCUME~1\ADMINI~1.MAI\LOCALS~1\Temp\catchme.sys File not found

DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)

DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)

DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)

DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)

DRV - (NOWMEMDF) -- C:\WINDOWS\system32\nowmemdf.sys (©NOWCOM)

DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sy@ (Microsoft Corporation)

DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)

DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ko

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 08 8B 24 1C 5D CB 01 [binary data]

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-02 17:26:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-02 17:25:46 | 000,000,000 | ---D | M]

[2010-10-02 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Extensions

[2010-10-02 16:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010-10-02 16:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Firefox\Profiles\j5s9qsp7.default\extensions

[2010-10-02 17:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-10-02 17:25:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010-08-24 22:38:21 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010-08-24 22:38:21 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010-08-24 22:38:21 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010-08-24 20:56:13 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010-08-24 20:56:13 | 000,004,573 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\danawa-kr.xml

[2010-08-24 20:56:13 | 000,007,980 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\daum-kr.xml

[2010-08-24 20:56:13 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010-08-24 20:56:13 | 000,004,262 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\naver-kr.xml

[2010-08-24 20:56:13 | 000,001,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-kr.xml

[2010-08-24 20:56:13 | 000,001,103 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-kr.xml

O1 HOSTS File: ([2010-09-28 20:12:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (?TV ???) - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O2 - BHO: (ALToolbarBho Class) - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)

O3 - HKLM\..\Toolbar: (??! ??) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (??(&L)) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)

O4 - HKCU..\Run: [secuWidgetRs.exe] C:\Program Files\CREFREE\SecuWidgetRs\SecuWidgetRs.exe (CREFREE Co., Ltd.)

O4 - HKLM..\RunOnce: [NoIE4StubProcessing] File not found

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\?? ??\????\??????\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O9 - Extra 'Tools' menuitem : ?TV ??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O9 - Extra Button: ????? ?? ?? - {0A07354E-A092-490f-9597-BA096721A26D} - Reg Error: Key error. File not found

O9 - Extra Button: ?? ????, 11?? - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubbox.co.kr/sticubeupdate...NowStarter2.cab (NowStarter2 Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} https://plugin.inicis.com/wallet61/INIwallet61.cab (INIwallet61 Control)

O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)

O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://image.cjmall.com/initech/plugin/dow...2010/INIS60.cab (INISAFEWeb6 V6 Class)

O16 - DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} http://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB (Fdisk File Control 1)

O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab (XPayMPIOCX Control)

O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} http://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab (GPKIInstallerX Class)

O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} http://download.netmarble.net/ActiveX/NMAu....1_20091109.cab (NetmarbleAutoUpdater Class)

O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} https://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab (NCLoaderCtl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1256884841828 (WUWebControl Class)

O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} http://imbbs.imbc.com/controls/BBSFileUpload.cab (BBSFileUpload Control)

O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://members.hangame.com/common/CKKeyProInst.cab (XecureCKKB Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256985826281 (MUWebControl Class)

O16 - DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} http://www.nhis.co.kr/real/DWSocket_NH.cab (DWSocket Control)

O16 - DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} http://143.248.182.120/applex_wdigm/active...cyScannerXP.cab (PrivacyScannerXP Control)

O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.com/Control/AutoPatchOCX.cab (AutoPatchOCX Control)

O16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} http://wo.tk.co.kr/webstarter/webstarter.cab (WebStarter Control)

O16 - DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} http://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab (OmlUMngClnt Class)

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://gcc.nefficient.co.kr/gcc/vista/xecu.../xw_install.cab (XecureWeb 4.0 Client Control)

O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} http://download.netmarble.net/ActiveX/NMAu...nfo_1.0.0.1.cab (NetmarbleSystemIDInfo Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://cs.hangame.com/hangame/js/mail/HGReport.cab (SpecAnalyzer Class)

O16 - DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} http://ziofile.com/setver/ZioFileControl.cab (Zio File Control)

O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://pann.nate.com/html/editor/CyPictureU.cab?20090430 (CyImage Class)

O16 - DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} http://www.bomul.com/common/InnoFD/bomul_zdnet.cab (MainCtrl Class)

O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab (V3D Client Control)

O16 - DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} http://beefile.com/mmsv/BeefileWebControl.CAB (Beefile File Share Control 1)

O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} http://download.netmarble.net/kdefence/kdfense8237.cab (Kdfense8 Control)

O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.com/sayclub/sayctl/sayax.cab (Sayclub Login Control)

O16 - DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} http://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab (FileUpload_Invil Control)

O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop.co.kr/ssl/MSecure.cab (MakeShop Secure Control)

O16 - DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} http://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab (KVPLoginCtl Control)

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://id.hangame.com/common/HanSetup1030.cab (HanSetupCtrl1010 Class)

O16 - DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} http://muhanfile.net/p2p/ActiveX/SeverFileX.ocx (AXServerFileX Control)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworld.com/cymusic/package/skcinst.cab (SKCInst1 Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} http://218.55.98.92/appx/pdpopax.cab (MyPdpopAX Class)

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://supdate.nprotect.net/nprotect2007/k...kcx_1004271.cab (NPKCX Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} https://plugin.inicis.com/banktown/wallet/p...tPmntClient.cab (BtPmntClient Class)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photoup...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)

O16 - DPF: {E92BD7ED-2045-4EFD-BB85-46444C9F738C} https://dn2.realscan.co.kr/data/realscan/Re...an_Launcher.cab (Reg Error: Key error.)

O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} https://web.teledit.com/Sign/SKCommAX.cab (SKCommAX Control)

O16 - DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} http://toolbar.imbc.com/toolbar/setup/MBCXeb.cab (MBCXeb Control)

O16 - DPF: {F67C8301-3928-4CAC-8914-16363551D293} http://www.iprovest.com/wts/object/KbcWeb.cab (KbcWebDesk Control)

O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} http://i-plus.jssearch.net/ActiveX/IPlusInstall.cab (AxIPlusInstall)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-05-03 12:22:31 | 000,000,037 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-10-02 17:03:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010-10-02 16:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\????

[2010-10-02 16:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Mozilla

[2010-10-02 16:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla

[2010-09-28 20:21:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-09-28 20:06:53 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010-09-28 20:03:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010-09-28 20:03:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010-09-28 20:03:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010-09-28 20:03:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010-09-28 20:01:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010-09-28 19:59:26 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010-09-28 19:41:09 | 000,000,000 | ---D | C] -- C:\_OTL

[2010-09-28 16:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2010-09-28 16:24:31 | 001,552,776 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\rcsetup138.exe

[2010-09-27 18:22:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe

[2010-09-25 21:40:30 | 001,253,712 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\wlsetup-web.exe

[2010-09-25 19:52:24 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010-09-25 19:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Windows-XP-WGA-Activation-Crack-reg-file

[2010-09-25 19:40:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2010-09-25 19:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller

[2010-09-25 19:36:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\GooredFix Backups

[2010-09-25 19:36:30 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\GooredFix.exe

[2010-09-25 15:36:18 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_37.dll

[2010-09-25 15:36:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll

[2010-09-25 15:36:18 | 000,681,472 | ---- | C] (KM-Software) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\msvcrt(DEBUG).dll

[2010-09-25 15:36:18 | 000,329,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DXErr.exe

[2010-09-25 15:36:18 | 000,209,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxcpl.exe

[2010-09-25 15:36:18 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxgi.dll

[2010-09-25 15:36:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmapi.dll

[2010-09-25 15:36:17 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll

[2010-09-25 15:36:17 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll

[2010-09-25 15:36:16 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll

[2010-09-25 15:36:16 | 001,162,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdllnew.dll

[2010-09-25 15:36:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll

[2010-09-25 15:36:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll

[2010-09-25 15:36:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll

[2010-09-25 15:36:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll

[2010-09-25 15:36:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll

[2010-09-25 15:36:16 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10.dll

[2010-09-25 15:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final

[2010-09-24 19:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Number Press

[2010-09-24 18:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win

[2010-09-20 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared

[2010-09-20 15:51:48 | 004,413,883 | ---- | C] (isSoft ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\isposa.exe

[2010-09-20 15:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPC

[2010-09-19 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Demo_NumberPress_win

[2010-09-19 20:32:17 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2010-09-19 20:32:16 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2010-09-19 20:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro

[2010-09-19 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010-09-19 19:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2010-09-19 19:53:37 | 000,661,808 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl

[2010-09-19 19:53:34 | 001,331,512 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\vsapint.sys

[2010-09-19 19:53:34 | 000,249,424 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmxpflt.sys

[2010-09-19 19:53:34 | 000,089,872 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys

[2010-09-19 19:53:34 | 000,036,432 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmpreflt.sys

[2010-09-19 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010-09-19 16:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit

[2010-09-19 16:48:32 | 037,781,272 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit.exe

[2010-09-19 16:36:04 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2010-09-19 16:15:17 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe

[2010-09-19 15:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Hijack Fix

[2010-09-19 15:59:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe

[2010-09-19 15:59:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE

[2010-09-19 15:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DesktopHijackFix

[2010-09-18 18:25:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.MAIN1\Recent

[2010-09-18 18:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean

[2010-09-18 16:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2010-09-18 16:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools

[2010-09-18 16:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Downloads

[2010-09-18 16:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GetRightToGo

[2010-09-18 16:52:24 | 000,367,232 | ---- | C] (RegNow.com) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Download_7.0.0.538f-sdasetup-regnow201-AVP.exe

[2010-09-18 16:36:05 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sy@

[2010-09-18 16:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8

[2010-09-18 16:22:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-09-18 16:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-09-18 16:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010-09-18 16:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010-09-18 16:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\PowerPad

[2010-09-18 16:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPad

[2010-09-18 16:01:40 | 007,247,857 | ---- | C] (Nathan Osman ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\PowerPad_1_3_0_0.exe

[2010-09-18 15:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ezbsedemo

[2010-09-18 15:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\PrintMergeNum

[2010-09-18 15:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Numbering

[2010-09-18 15:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Deployment

[2010-09-18 15:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ezbdemo

[2010-09-14 21:14:37 | 000,242,360 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\TeCtrl.dll

[2010-09-14 21:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared

[2010-09-13 16:38:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Banktown

[2010-09-12 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\GPKISecureWeb

[2010-09-10 18:08:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup.exe

[2010-09-10 17:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010-09-06 20:04:23 | 000,207,456 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe

[2010-09-05 19:01:52 | 000,179,080 | ---- | C] (NKSolution) -- C:\WINDOWS\System32\uninst_everyclean.exe

[2010-09-05 18:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Auto Styling Plugin

[2010-09-05 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin

[2010-09-03 19:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Search

[2010-09-03 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\NATEON

[2010-09-03 15:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\ClientKeeper

[2010-09-03 15:10:13 | 000,039,944 | ---- | C] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS

[2010-09-03 15:10:09 | 000,124,424 | R--- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe

[2010-09-03 15:10:08 | 000,390,456 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\XecureCK.dll

[2010-09-03 15:10:08 | 000,107,832 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKComObj.dll

[2010-09-03 15:10:06 | 000,177,464 | ---- | C] (SoftForum Co. Ltd.) -- C:\WINDOWS\System32\CKApp.dll

[2010-09-03 15:10:04 | 000,156,984 | ---- | C] (SoftForm Co. Ltd.) -- C:\WINDOWS\System32\Jrsoftcp.dll

[2010-09-03 15:10:03 | 000,316,728 | ---- | C] (Softforum Co. Ltd.) -- C:\WINDOWS\System32\CKCrypto.dll

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-02 19:45:23 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-10-02 17:27:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Mozilla Firefox.lnk

[2010-10-02 17:13:36 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf

[2010-10-02 16:43:02 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Administrator.MAIN1\NTUSER.DAT

[2010-10-02 16:29:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010-10-02 16:06:21 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Adobe Reader 9.lnk

[2010-10-02 16:04:56 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010-10-02 16:01:45 | 000,000,668 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0db54a977e38.job

[2010-10-02 16:01:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-10-02 16:01:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-10-02 15:59:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator.MAIN1\ntuser.ini

[2010-10-02 15:59:28 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\IconCache.db

[2010-10-02 15:55:53 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-10-02 15:11:50 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\October 2010? ?? ??.lnk

[2010-10-02 14:33:19 | 000,007,550 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\K-report.html

[2010-10-02 09:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-10-01 16:06:37 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Internet Explorer\Quick Launch\????.url

[2010-10-01 16:06:37 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\????.url

[2010-09-30 15:58:53 | 000,036,291 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Sept10.pdf

[2010-09-30 15:49:43 | 000,015,541 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Aug10.pdf

[2010-09-30 15:46:58 | 000,068,796 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ServiceCanada001.pdf

[2010-09-28 20:13:02 | 000,000,364 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-09-28 20:12:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-09-28 20:06:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010-09-28 19:58:59 | 003,855,377 | R--- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\ComboFix.exe

[2010-09-28 16:24:52 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Recuva.lnk

[2010-09-28 16:24:43 | 001,552,776 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\rcsetup138.exe

[2010-09-27 18:22:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL.exe

[2010-09-27 18:13:56 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\RKUnhookerLE.EXE

[2010-09-26 17:02:50 | 000,048,345 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf

[2010-09-26 16:57:55 | 000,003,231 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3

[2010-09-26 16:26:53 | 000,000,009 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3

[2010-09-26 16:26:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath

[2010-09-25 21:40:36 | 001,253,712 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\wlsetup-web.exe

[2010-09-25 19:37:16 | 001,193,882 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller.zip

[2010-09-25 19:36:33 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\GooredFix.exe

[2010-09-25 19:01:28 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\HiJackThis.lnk

[2010-09-25 19:00:35 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\HiJackThis.msi

[2010-09-25 18:59:36 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe

[2010-09-25 18:59:33 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE

[2010-09-25 15:36:19 | 000,003,016 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat

[2010-09-25 15:36:08 | 000,716,153 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe

[2010-09-25 15:34:44 | 004,764,229 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final.zip

[2010-09-24 19:01:32 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3

[2010-09-24 19:00:38 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Number Press.lnk

[2010-09-24 18:50:55 | 013,085,859 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win.zip

[2010-09-20 15:52:12 | 004,413,883 | ---- | M] (isSoft ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\isposa.exe

[2010-09-19 20:18:57 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Trend Micro AntiVirus plus AntiSpyware.lnk

[2010-09-19 19:53:37 | 000,661,808 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\UfWSC.cpl

[2010-09-19 19:53:34 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys

[2010-09-19 18:52:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-09-19 16:48:38 | 037,781,272 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\TAV_Download_SP_32bit.exe

[2010-09-19 16:15:32 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe

[2010-09-18 21:20:43 | 004,719,523 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean.zip

[2010-09-18 17:46:09 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Malwarebytes' Anti-Malware.lnk

[2010-09-18 17:29:21 | 000,367,232 | ---- | M] (RegNow.com) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Download_7.0.0.538f-sdasetup-regnow201-AVP.exe

[2010-09-18 16:03:37 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\powerpad.conf

[2010-09-18 16:02:14 | 007,247,857 | ---- | M] (Nathan Osman ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\PowerPad_1_3_0_0.exe

[2010-09-18 15:28:18 | 000,000,028 | ---- | M] () -- C:\WINDOWS\System32\asentence.dat

[2010-09-16 22:02:54 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\September 2010? ?? ??.lnk

[2010-09-14 21:14:33 | 000,000,170 | ---- | M] () -- C:\WINDOWS\System32\npconf.md5

[2010-09-14 21:02:47 | 000,000,310 | ---- | M] () -- C:\WINDOWS\System32\npzupdate.conf

[2010-09-10 19:38:59 | 000,000,030 | ---- | M] () -- C:\Program Files\NOT

[2010-09-10 18:34:50 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\mbam-setup.exe

[2010-09-10 17:20:03 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sar_15_sfx.exe

[2010-09-10 16:52:38 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\CCleaner.lnk

[2010-09-10 16:52:20 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ccsetup235.exe

[2010-09-08 07:18:00 | 000,021,884 | ---- | M] () -- C:\WINDOWS\System32\teexcept.dat

[2010-09-06 21:32:01 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System32\p3downasx.asx

[2010-09-06 20:04:23 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe

[2010-09-05 19:01:57 | 000,179,080 | ---- | M] (NKSolution) -- C:\WINDOWS\System32\uninst_everyclean.exe

[2010-09-04 19:51:09 | 000,000,106 | ---- | M] () -- C:\WINDOWS\msecure.ini

[2010-09-04 15:52:25 | 000,126,048 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kcrtx86.sys

[2010-09-04 15:52:25 | 000,017,160 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS

[2010-09-04 15:52:24 | 000,039,944 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS

[2010-09-03 17:20:51 | 000,001,413 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????.lnk

[2010-09-03 15:10:09 | 000,124,424 | R--- | M] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-02 17:27:10 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Mozilla Firefox.lnk

[2010-10-02 17:13:36 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf

[2010-10-02 16:29:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010-10-02 15:11:50 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\October 2010? ?? ??.lnk

[2010-10-02 14:33:18 | 000,007,550 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\K-report.html

[2010-09-30 15:58:53 | 000,036,291 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Sept10.pdf

[2010-09-30 15:49:43 | 000,015,541 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Aug10.pdf

[2010-09-30 15:46:58 | 000,068,796 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ServiceCanada001.pdf

[2010-09-28 20:06:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010-09-28 20:06:55 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010-09-28 20:03:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010-09-28 20:03:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010-09-28 20:03:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010-09-28 20:03:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010-09-28 20:03:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010-09-28 19:58:20 | 003,855,377 | R--- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\ComboFix.exe

[2010-09-28 16:24:52 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Recuva.lnk

[2010-09-27 18:13:55 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\RKUnhookerLE.EXE

[2010-09-25 19:54:34 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010-09-25 19:37:15 | 001,193,882 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\tdsskiller.zip

[2010-09-25 19:01:03 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\HiJackThis.lnk

[2010-09-25 19:00:27 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\HiJackThis.msi

[2010-09-25 15:36:18 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg

[2010-09-25 15:36:15 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll

[2010-09-25 15:36:15 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe

[2010-09-25 15:36:14 | 000,003,016 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat

[2010-09-25 15:34:42 | 004,764,229 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\DirectX10_RC2_Fix_3-Pre-Final.zip

[2010-09-24 19:01:32 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3

[2010-09-24 19:00:38 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Number Press.lnk

[2010-09-24 18:50:53 | 013,085,859 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\numberpress3win.zip

[2010-09-20 15:52:38 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL

[2010-09-19 21:22:48 | 000,048,345 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf

[2010-09-19 21:15:31 | 000,003,231 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3

[2010-09-19 21:03:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath

[2010-09-19 21:03:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3

[2010-09-19 20:18:57 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Trend Micro AntiVirus plus AntiSpyware.lnk

[2010-09-19 02:16:56 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-09-18 18:05:04 | 004,719,523 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sysclean.zip

[2010-09-18 16:22:22 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\Malwarebytes' Anti-Malware.lnk

[2010-09-18 16:02:48 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\powerpad.conf

[2010-09-16 22:02:54 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\September 2010? ?? ??.lnk

[2010-09-14 21:14:37 | 000,021,884 | ---- | C] () -- C:\WINDOWS\System32\teexcept.dat

[2010-09-14 21:03:01 | 000,000,170 | ---- | C] () -- C:\WINDOWS\System32\npconf.md5

[2010-09-14 21:02:47 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\npzupdate.conf

[2010-09-10 17:19:51 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\sar_15_sfx.exe

[2010-09-05 19:00:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\asentence.dat

[2010-09-04 19:51:09 | 000,000,106 | ---- | C] () -- C:\WINDOWS\msecure.ini

[2010-09-04 17:58:32 | 001,443,224 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1061.dll

[2010-09-03 17:20:51 | 000,001,413 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????.lnk

[2010-08-31 17:56:45 | 000,000,030 | ---- | C] () -- C:\Program Files\NOT

[2010-08-28 19:42:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\fusioncache.dat

[2010-07-30 17:18:04 | 000,066,920 | ---- | C] () -- C:\WINDOWS\CMListControl.dll

[2010-07-07 17:10:16 | 000,000,135 | ---- | C] () -- C:\WINDOWS\pfwbase.INI

[2010-07-07 17:09:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PFW3.INI

[2010-07-07 17:09:12 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Averasell.ini

[2010-07-07 17:08:39 | 000,000,444 | ---- | C] () -- C:\WINDOWS\retailer.ini

[2010-06-17 16:06:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010-06-13 19:09:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll

[2010-06-13 19:07:51 | 000,000,124 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini

[2010-06-13 19:07:45 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini

[2010-06-04 16:24:51 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll

[2010-04-29 15:09:00 | 000,032,257 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_DefinePacket_NH.ini

[2010-04-29 11:04:58 | 000,000,313 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_Set.ini

[2009-11-24 09:54:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll

[2009-10-30 04:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak

[2009-10-30 04:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll

[2009-10-30 04:15:54 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-30 02:24:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009-04-30 23:35:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009-04-10 13:19:32 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_JPN.dll

[2009-04-10 13:19:26 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_CHN.dll

[2009-04-10 13:19:20 | 000,103,904 | ---- | C] () -- C:\WINDOWS\System32\FU_ENG.dll

[2009-04-10 13:19:14 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_KOR.dll

[2009-04-06 17:16:34 | 000,596,512 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll

[2008-05-26 22:23:12 | 000,011,810 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008-05-26 22:23:10 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008-05-26 22:23:10 | 000,011,886 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008-03-20 05:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak

[2008-03-20 05:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll

[2008-03-13 02:19:56 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\netdrive.sys

[2008-02-28 16:45:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\KvpLoginUpCom.dll

[2004-06-23 12:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

[2003-08-28 15:44:28 | 000,000,211 | ---- | C] () -- C:\WINDOWS\drds.ini

[2001-08-29 08:00:00 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys

[2001-08-29 08:00:00 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys

[2001-08-29 08:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys

[2001-08-29 08:00:00 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp:DFC5A2B2

< End of report >

Link to post
Share on other sites