Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

POSSIBLE ROOTKIT


  • Please log in to reply

#1
davidkimdd

davidkimdd

    Member

  • Member
  • PipPip
  • 66 posts
here is the hijackthis log that i have just done today

Logfile of HijackThis v1.99.1
Scan saved at 10:18:58 PM, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\asnt2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: V3BOH Class - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: IEHlprObj Class - {B87B14CF-9B7E-40C6-9673-38A37454C962} - C:\PROGRA~1\Minigate\Miniple\1506\NJOYLA~1.DLL (file missing)
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKLM\..\Run: [q1w2] "C:\Program Files\msmsg.exe"
O4 - HKLM\..\Run: [EasyOffice] C:\Program Files\EasyWinCleaner2002\easyoffice.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://netmarble.net...NMStarter16.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg6.cyworl...mageUpload2.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.onnuritv....eX/AlwaysOn.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co....wn/PDUpdate.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c...stall_10_04.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yaho...ponent/mbox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.c...INIplugin40.cab
O16 - DPF: {71978997-BCAF-4241-8752-553BF3E5994B} (CNeoInstallShieldX Object) - http://nbb.hanbiton....ient/bbInst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://nbb.hanbiton....gClient/dis.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co....ahooCabinet.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A87E814F-1721-4779-9995-9DDC79EFF538} (MinipleAX Control) - http://file1.minigat...i/MinipleAX.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworl...ImageUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {C8F26FC9-9A44-4F32-93B3-8BDAFBFA8F25} (CodeKillerCtl Class) - http://www.codekille.../codekiller.cab
O16 - DPF: {D4BD4AF6-0CEC-4E22-AD44-ECBCE0233620} (P3MaxLoad Class) - http://www.maxmp3.co...8/p3maxload.cab
O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos..../QbicUpdate.CAB
O16 - DPF: {D63FAB25-1142-4958-A6C8-6879B52FD126} (Viewstart Control) - http://blogfile.para...3_viewstart.cab
O16 - DPF: {D8EAB7E1-CDBD-48F1-921C-D16BADF1C2D4} (DigitalNamesPlugIn1.0 Control) - http://download.digi...una/dndoumi.cab
O16 - DPF: {DA4BF4BC-5BD8-452C-A1DC-AC119FD3153F} (Image Class) - http://www26.hompy.b.../BuddyPhoto.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybudd.../cab/bbmmgr.cab
O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos....ponent/Qbic.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O23 - Service: AsNT2 - ©ieasysoft - C:\WINDOWS\system32\asnt2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE


help!!

Edited by davidkimdd, 23 November 2005 - 09:26 PM.

  • 0

Advertisements


#2
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
First, why do you think you have a rootkit?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: IEHlprObj Class - {B87B14CF-9B7E-40C6-9673-38A37454C962} - C:\PROGRA~1\Minigate\Miniple\1506\NJOYLA~1.DLL (file missing)
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Then reboot your computer.

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.

----------------------------------

Make sure all hidden files and folders are visible (Instructions )

Please go to this site: http://virusscan.jotti.org/
On top you'll find "File to upload and scan".
Browse to the next file, submit it on that site and let it scan:

C:\Program Files\EasyWinCleaner2002\easywincleaner.exe

Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.
  • 0

#3
davidkimdd

davidkimdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
i dun no..maybe the spyware i downloaded..lol

here is the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:02:05 PM, on 26/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\asnt2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: V3BOH Class - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B87B14CF-9B7E-40C6-9673-38A37454C962} - (no file)
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKLM\..\Run: [q1w2] "C:\Program Files\msmsg.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EasyOffice] C:\Program Files\EasyWinCleaner2002\easyoffice.exe /auto
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://netmarble.net...NMStarter16.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg6.cyworl...mageUpload2.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.onnuritv....eX/AlwaysOn.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co....wn/PDUpdate.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c...stall_10_04.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yaho...ponent/mbox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.c...INIplugin40.cab
O16 - DPF: {71978997-BCAF-4241-8752-553BF3E5994B} (CNeoInstallShieldX Object) - http://nbb.hanbiton....ient/bbInst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://nbb.hanbiton....gClient/dis.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co....ahooCabinet.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A87E814F-1721-4779-9995-9DDC79EFF538} (MinipleAX Control) - http://file1.minigat...i/MinipleAX.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworl...ImageUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {C8F26FC9-9A44-4F32-93B3-8BDAFBFA8F25} (CodeKillerCtl Class) - http://www.codekille.../codekiller.cab
O16 - DPF: {D4BD4AF6-0CEC-4E22-AD44-ECBCE0233620} (P3MaxLoad Class) - http://www.maxmp3.co...8/p3maxload.cab
O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos..../QbicUpdate.CAB
O16 - DPF: {D63FAB25-1142-4958-A6C8-6879B52FD126} (Viewstart Control) - http://blogfile.para...3_viewstart.cab
O16 - DPF: {D8EAB7E1-CDBD-48F1-921C-D16BADF1C2D4} (DigitalNamesPlugIn1.0 Control) - http://download.digi...una/dndoumi.cab
O16 - DPF: {DA4BF4BC-5BD8-452C-A1DC-AC119FD3153F} (Image Class) - http://www26.hompy.b.../BuddyPhoto.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybudd.../cab/bbmmgr.cab
O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos....ponent/Qbic.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O23 - Service: AsNT2 - ©ieasysoft - C:\WINDOWS\system32\asnt2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

and for the easywincleaner..found nothing...for all..there was nothing suspicioius of it
and the pic is the log from panda

Attached Thumbnails

  • untitled.JPG

  • 0

#4
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Are you still using the "AhnLab - Antivirus Software"?!

-----------------------------------------------------------------

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: V3BOH Class - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B87B14CF-9B7E-40C6-9673-38A37454C962} - (no file)
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Find and delete these files (if they are still there):
Files:
C:\Windows\System32\Aadvdc.exe
C:\Windows\System32\Sdtnpr.exe
C:\Windows\System32\dgtnmres.dll
C:\Windows\System32\dgtstart.exe
C:\Windows\System32\dgtuninstall.exe



Reboot your computer normally.

Step #5

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Start HijackThis and perform a new scan.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

Edited by didom, 27 November 2005 - 05:21 AM.

  • 0

#5
davidkimdd

davidkimdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
k...i do not think im using ahnlab anymore..i deleted it and downloaded avg

here is the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 2:24:52 PM, on 27/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\asnt2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B87B14CF-9B7E-40C6-9673-38A37454C962} - (no file)
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKLM\..\Run: [q1w2] "C:\Program Files\msmsg.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EasyOffice] C:\Program Files\EasyWinCleaner2002\easyoffice.exe /auto
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buddybuddy.co.kr (HKLM)
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://netmarble.net...NMStarter16.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg6.cyworl...mageUpload2.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.onnuritv....eX/AlwaysOn.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co....wn/PDUpdate.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c...stall_10_04.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yaho...ponent/mbox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.c...INIplugin40.cab
O16 - DPF: {71978997-BCAF-4241-8752-553BF3E5994B} (CNeoInstallShieldX Object) - http://nbb.hanbiton....ient/bbInst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://nbb.hanbiton....gClient/dis.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co....ahooCabinet.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A87E814F-1721-4779-9995-9DDC79EFF538} (MinipleAX Control) - http://file1.minigat...i/MinipleAX.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworl...ImageUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {C8F26FC9-9A44-4F32-93B3-8BDAFBFA8F25} (CodeKillerCtl Class) - http://www.codekille.../codekiller.cab
O16 - DPF: {D4BD4AF6-0CEC-4E22-AD44-ECBCE0233620} (P3MaxLoad Class) - http://www.maxmp3.co...8/p3maxload.cab
O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos..../QbicUpdate.CAB
O16 - DPF: {D63FAB25-1142-4958-A6C8-6879B52FD126} (Viewstart Control) - http://blogfile.para...3_viewstart.cab
O16 - DPF: {D8EAB7E1-CDBD-48F1-921C-D16BADF1C2D4} (DigitalNamesPlugIn1.0 Control) - http://download.digi...una/dndoumi.cab
O16 - DPF: {DA4BF4BC-5BD8-452C-A1DC-AC119FD3153F} (Image Class) - http://www26.hompy.b.../BuddyPhoto.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybudd.../cab/bbmmgr.cab
O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos....ponent/Qbic.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O23 - Service: AsNT2 - ©ieasysoft - C:\WINDOWS\system32\asnt2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE




here is the blacklight program log

11/27/05 14:22:08 [Info]: BlackLight Engine 1.0.25 initialized
11/27/05 14:22:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/27/05 14:22:08 [Note]: 4019 4
11/27/05 14:22:08 [Note]: 4005 0
11/27/05 14:22:22 [Note]: 4006 0
11/27/05 14:22:22 [Note]: 4011 1524
11/27/05 14:22:23 [Note]: 4018 1684
11/27/05 14:22:23 [Info]: Hidden process: C:\PROGRAM FILES\MICAIM\XMLUPDLL.EXE
11/27/05 14:22:23 [Note]: 4018 1692
11/27/05 14:22:23 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\RTMAKSIE.EXE
11/27/05 14:22:23 [Note]: FSRAW library version 1.7.1013
11/27/05 14:22:23 [Info]: Hidden file: C:\Program Files\Micaim\ace.dll
11/27/05 14:22:23 [Note]: 4002 0
11/27/05 14:22:23 [Note]: 4003 1
11/27/05 14:22:23 [Note]: 10002 3
11/27/05 14:22:23 [Info]: Hidden file: C:\Program Files\Micaim\AI_25-11-2005.log
11/27/05 14:22:23 [Note]: 4002 0
11/27/05 14:22:23 [Note]: 4003 1
11/27/05 14:22:23 [Note]: 10002 3
11/27/05 14:22:23 [Info]: Hidden file: C:\Program Files\Micaim\AI_26-11-2005.log
11/27/05 14:22:23 [Note]: 4002 0
11/27/05 14:22:23 [Note]: 4003 1
11/27/05 14:22:23 [Note]: 10002 3
11/27/05 14:22:23 [Info]: Hidden file: C:\Program Files\Micaim\AI_27-11-2005.log
11/27/05 14:22:23 [Note]: 4002 0
11/27/05 14:22:23 [Note]: 4003 1
11/27/05 14:22:23 [Note]: 10002 3
11/27/05 14:22:23 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004823_4387777e_000c28cb
11/27/05 14:22:23 [Note]: 4002 0
11/27/05 14:22:23 [Note]: 4003 1
11/27/05 14:22:23 [Note]: 10002 3
11/27/05 14:22:23 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00006952_43887343_00098968
11/27/05 14:22:23 [Note]: 4002 0
11/27/05 14:22:23 [Note]: 4003 1
11/27/05 14:22:23 [Note]: 10002 3
11/27/05 14:22:23 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000029_4387702d_0000f424
11/27/05 14:22:23 [Note]: 4002 0
11/27/05 14:22:23 [Note]: 4003 1
11/27/05 14:22:23 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000029_43887338_0002dc6c
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000029_4388ccd6_00094c5f
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000029_4388e7bd_00061193
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000029_438a0393_0005f5e1
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000029_438a0499_000487ab
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000029_438a06f2_000cdfe6
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000035_43889498_00031975
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000035_43891934_000ea6d7
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000099_43877795_00066ff3
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000099_438873a9_0008583b
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000099_4388d317_000a037a
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000099_4388e7e4_000a5c35
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000000c1_43892919_000a993e
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000120_4388ec35_000ea6d7
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000048cc_43877f5f_00039387
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000489c_43888d8c_000ec82e
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004823_4388ccd7_000cdfe6
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000491c_43877796_000ec82e
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000491c_438873b6_00016e36
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000491c_4388d440_000dd40a
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000491c_4388e7eb_0004e066
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004944_43877cb0_00066ff3
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004944_43888846_0006acfc
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000494a_43888fe5_000d59f8
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000494a_43890c08_000873ed
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000049bb_438922c0_000a993e
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000049f7_4388a176_000d9701
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000049f7_43891a6c_000c447d
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001649_4388cdbf_0006acfc
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000169a_43892938_0005d48a
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000016c5_43877f04_00081b32
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000016c5_43888bdc_000487ab
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000016c5_43890062_0008b0f6
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000016d4_4388c110_000d59f8
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000016d4_438920b2_0004e066
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001649_4387778a_000c28cb
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001796_4389218a_000a1f2c
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000182f_43892192_000b8d62
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001850_4388bf05_00016e36
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00006443_438873df_000b34a7
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00006443_4388df23_000c28cb
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00006443_4388e810_0003af39
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00006479_438928f9_00059781
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00006486_43892932_000b8d62
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000064e0_438940cc_00022551
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00006443_438778c1_000aba95
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00006512_438940d5_00053ec6
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000658c_43892916_000d38a1
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000662a_43893274_000632ea
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000066b4_438930e4_00040d99
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000066bb_438778c1_000e4e1c
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000390c_438873a7_000d59f8
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000390c_4388d303_0000b71b
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000390c_4388e7e4_0003af39
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003960_438926ba_000a5c35
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000039b3_4388da6d_00098968
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000039b3_4388e7ee_0002bb15
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000390c_43877795_00029f63
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003a2d_4389193d_00055a78
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003a61_43878172_0001e848
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003a61_43888c62_00053ec6
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003a61_43890bfc_000defbc
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003a8d_4388c18e_000b71b0
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003a9e_43877c49_00022551
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003a9e_43888815_0006ea05
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003a9e_4388ec8d_0001c6f1
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003b25_43877909_000e1113
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003b25_4388847a_000c28cb
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003b25_4388e60d_000487ab
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003b25_4388e819_0008edff
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003b97_438926be_00061193
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003bf6_43877c49_0000f424
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003bf6_4388ec8a_0001c6f1
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000124_43877795_0007270e
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000030a_43877ae1_0007a120
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000822_43877d35_0007a120
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000009ce_438926b9_0001c6f1
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000bdb_43877ae1_000e8b25
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000e90_4388a06e_0000f424
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000f3e_43877795_00029f63
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001238_43887410_000ca2dd
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000121f_43877d4a_00044aa2
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001481_43891b99_0002bb15
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001850_43892038_0005d48a
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001916_438782a8_000c65d4
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001d18_4388cb63_00044aa2
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00001e1f_4388e81a_00059781
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000022cd_43878190_00022551
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:24 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000251f_4388cb62_0008d24d
11/27/05 14:22:24 [Note]: 4002 0
11/27/05 14:22:24 [Note]: 4003 1
11/27/05 14:22:24 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000026a6_438778c2_0001312d
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002b00_438920aa_000e69ce
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002c3b_43877d28_0001e848
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002fff_43878144_0007270e
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000323b_438779ee_0001312d
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000368e_43877fb3_0006acfc
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003ef6_43877d29_000d1cef
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004080_43888bdd_00016e36
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000428b_438873e6_000baeb9
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004509_4388e5f6_00031975
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000046cf_4389193b_000d38a1
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004e45_438884fb_000e8b25
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004e45_4388ebc5_0001c6f1
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004e57_43892196_000a993e
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004f68_43892196_000ad647
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004fe2_43893037_000501bd
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004ff8_43892189_00024103
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005005_4388c205_0002dc6c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005005_438920c1_00027e0c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005078_4388a180_000501bd
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005078_43891b98_000ee3e0
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000050a9_438933b5_0001e848
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000050bf_43892933_0007f9db
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00007049_43877e93_0000b71b
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000701f_438873f7_00031975
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00007049_43888bc1_00007a12
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000071f0_43888eb9_000a7d8c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000071f0_43890c06_000873ed
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000721d_438943f1_0003d090
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00007282_4388cb31_000c65d4
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00007296_438940cf_0009c671
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000072ae_43877789_000af79e
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000072ae_4388e7bf_000db2b3
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000072ae_438a0504_00089544
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00007346_43893339_000e1113
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000073d9_43892192_00077fc9
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000073da_43877d51_000d1cef
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000073da_43888b83_00044aa2
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000026ca_43877d74_00003d09
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000261e_43878214_0001ab3f
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000027da_4389386c_0008583b
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000282d_43892772_0003af39
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002833_4388923e_000e1113
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002833_438911f7_000ee3e0
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002852_43892519_0006c8ae
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000288f_43878167_00053ec6
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000288f_43888c62_0001ab3f
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000288f_43890bfc_000c447d
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000028e2_438930dd_000d59f8
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000293b_438928fd_000cfb98
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002959_43892771_000f20e9
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000029d8_438926b8_000cfb98
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002a38_43892c14_0005d48a
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002b00_4388c0db_000f0537
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000bb3_4388739f_000aba95
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000bdb_43888641_00098968
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000c15_4388c20e_0000b71b
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000c15_438920c3_000a1f2c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000c1e_438943f1_00000000
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000c7b_4388c1d5_0002dc6c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000ce1_4389291a_00027e0c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000d66_43877fe2_000ca2dd
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000d66_43888c53_00040d99
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000d6a_4389290a_000b8d62
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000ddc_43888824_000a4083
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000ddc_4388eca2_000a993e
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000de5_43892645_000836e4
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000e12_43889115_000b34a7
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00000e12_438911e8_00014cdf
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005c67_43888c2a_0007270e
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005c67_4389009a_000c447d
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005ccd_4389289e_0009e223
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005cfd_4388879d_00029f63
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005cfd_4388ec88_0003af39
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005c67_43877f63_000a4083
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005d03_43877905_000f0537
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005d03_438873f7_000ca2dd
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005d03_4388e814_00064e9c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005d24_438923ec_000ee3e0
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005db2_43877f43_00094c5f
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005db2_43888beb_00053ec6
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005db2_43890081_00064e9c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00005dd5_4388936b_00090f56
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003e12_438887a0_000d9701
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003e12_4388ec88_0004e066
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003ef6_4388ffd0_000a1f2c
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003f0b_4389290c_0009a51a
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003f4a_43892194_00037230
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003f97_43892916_000cfb98
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003f9a_43892932_00024103
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000401d_43888eb9_0008583b
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000401d_43890c06_00046654
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004080_43877f2f_0007de29
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004087_4388b917_0009c671
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00004087_43891b9a_000058bb
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000409d_43877d3c_000f0537
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000409d_43888b43_00081b32
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000409d_4388ffd8_000d75aa
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:25 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000040a5_4389290a_000cfb98
11/27/05 14:22:25 [Note]: 4002 0
11/27/05 14:22:25 [Note]: 4003 1
11/27/05 14:22:25 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002fff_43888c61_00007a12
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002fff_43890bfb_0004294b
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002f14_43877f79_0003567e
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00002f14_43888c51_00089544
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003004_4389218a_000873ed
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000301c_43888641_00044aa2
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000301c_4388ec2d_000d38a1
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000305e_43877795_0008d24d
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000305e_4388d38e_00040d99
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000305e_4388e7eb_00024103
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\00003087_4389290d_00001bb2
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000030a7_43892932_00024103
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\000030f1_43892917_000189e8
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000314f_43877c98_0005f5e1
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
11/27/05 14:22:26 [Note]: 10002 3
11/27/05 14:22:26 [Info]: Hidden file: C:\Program Files\Micaim\Cache\0000314f_4388882d_0007de29
11/27/05 14:22:26 [Note]: 4002 0
11/27/05 14:22:26 [Note]: 4003 1
  • 0

#6
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts

k...i do not think im using ahnlab anymore..i deleted it and downloaded avg

Did you deleted it via Start--> Control Panel--> Add or Remove Programs?!

If not, please do so!

Then reboot your computer.


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

--------------------------------------------------------------------------------------------------------------------------------------

Step #1

Scan again with HijackThis and check the following items:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B87B14CF-9B7E-40C6-9673-38A37454C962} - (no file)
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll (file missing)
O4 - HKLM\..\Run: [q1w2] "C:\Program Files\msmsg.exe"

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Find and delete these files and folders (if they are still there):
C:\Program Files\msmsg.exe <= this file

Reboot your computer normally.


Step #5

Download: DelDomains.inf
  • Locate DelDomains.inf
  • Right-click and select "Install"
Step #6

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder. Also make a new BlackLight log and post it along with the others!
  • 0

#7
davidkimdd

davidkimdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
step 6- the site cannot be displayed?? is that the correct linnk?
and ahnlab was deleted via that method,
could i delete the deldomain.inf if its installed already??

Edited by davidkimdd, 27 November 2005 - 02:12 PM.

  • 0

#8
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Yeah, you can delete deldomain.inf!

It is the correct link. Try this one:

http://www.geekstogo.../aproposfix.exe

Or else I'll upload the file here for you!
  • 0

#9
davidkimdd

davidkimdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
k the second one worked..and here's the things u want



first the log.text from runthis.bat


Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\a\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CtTlsAw5KN59]
@="w.zHPANWXXWXXYXQO7NQOPWXXWmZX2sxny2.XOUOPAIdcX9NERANOXN6O6I9GgYOUO"
"Device"="\\\\.\\usbrust"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\rasamdk6.sys"
"DriverName"="MSPlter"
"HideUninstallerName"="C:\\Program Files\\Micaim\\mqumtpdr.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\raswexec.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{48DAF358-2BE1-4773-BEFD-B912BFDBC501}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\hhskbdcz.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{X823ef35-d631-7cea-0edc-e6583cca5f4d}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Micaim\\xmlupdll.exe"

************

Removing hidden service:
Service MSPlter removed.

Removing hidden folder:
Deletion of folder Micaim succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\rasamdk6.sys succeeded!
Deletion of file C:\WINDOWS\system32\rtmaksie.exe succeeded!
Deletion of file C:\WINDOWS\system32\hhskbdcz.dll succeeded!
Deletion of file C:\WINDOWS\system32\raswexec.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CtTlsAw5KN59]
[-HKEY_LOCAL_MACHINE\Software\CtTlsAw5KN59]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{48DAF358-2BE1-4773-BEFD-B912BFDBC501}]

Done!

Finished!




hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 4:04:21 PM, on 27/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\asnt2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EasyOffice] C:\Program Files\EasyWinCleaner2002\easyoffice.exe /auto
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://netmarble.net...NMStarter16.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg6.cyworl...mageUpload2.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.onnuritv....eX/AlwaysOn.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co....wn/PDUpdate.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.c...stall_10_04.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yaho...ponent/mbox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.c...INIplugin40.cab
O16 - DPF: {71978997-BCAF-4241-8752-553BF3E5994B} (CNeoInstallShieldX Object) - http://nbb.hanbiton....ient/bbInst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77B4BB82-C2AD-4BF8-A1A2-795605604CA8} (CNeoInstallShieldX Object) - http://nbb.hanbiton....gClient/dis.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co....ahooCabinet.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A87E814F-1721-4779-9995-9DDC79EFF538} (MinipleAX Control) - http://file1.minigat...i/MinipleAX.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworl...ImageUpload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {C8F26FC9-9A44-4F32-93B3-8BDAFBFA8F25} (CodeKillerCtl Class) - http://www.codekille.../codekiller.cab
O16 - DPF: {D4BD4AF6-0CEC-4E22-AD44-ECBCE0233620} (P3MaxLoad Class) - http://www.maxmp3.co...8/p3maxload.cab
O16 - DPF: {D572CD64-9310-4712-8FFC-A4F9DC9D4AC1} (QbicUpdate Control) - http://qbic.hanafos..../QbicUpdate.CAB
O16 - DPF: {D63FAB25-1142-4958-A6C8-6879B52FD126} (Viewstart Control) - http://blogfile.para...3_viewstart.cab
O16 - DPF: {D8EAB7E1-CDBD-48F1-921C-D16BADF1C2D4} (DigitalNamesPlugIn1.0 Control) - http://download.digi...una/dndoumi.cab
O16 - DPF: {DA4BF4BC-5BD8-452C-A1DC-AC119FD3153F} (Image Class) - http://www26.hompy.b.../BuddyPhoto.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybudd.../cab/bbmmgr.cab
O16 - DPF: {DDE6FED7-88AB-405B-9D77-FD4CDA8B9EB5} (Qbic Control) - http://qbic.hanafos....ponent/Qbic.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O23 - Service: AsNT2 - ©ieasysoft - C:\WINDOWS\system32\asnt2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



and blacklight log

11/27/05 16:04:38 [Info]: BlackLight Engine 1.0.25 initialized
11/27/05 16:04:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/27/05 16:04:39 [Note]: 4019 4
11/27/05 16:04:39 [Note]: 4005 0
11/27/05 16:04:48 [Note]: 4006 0
11/27/05 16:04:48 [Note]: 4011 1536
11/27/05 16:04:48 [Note]: FSRAW library version 1.7.1013
11/27/05 16:06:07 [Note]: 4007 0
  • 0

#10
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
How is your PC running? You still have any problems?
  • 0

Advertisements


#11
davidkimdd

davidkimdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
actually..everything in device manager came back..i see the icon of the lan too.. :tazz:
wow thanks alot...

o but one problem...from the avg free edition virus program....the setting to the email function is fully functional...but whenever the computer starts...it says that its not full functional...
is this normal?
  • 0

#12
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
I really don't know.... I'll ask some experts if they know the answer as I don't use AVG :tazz:
  • 0

#13
davidkimdd

davidkimdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
yes..plz..and thanks alot for your help..every single thing came back...and if i still have trouble and get pop ups..i will ask again..
but thank you alot...


could i delete the things i downloaded? like blbeta...aprofox..hijackthis...and their logs...

Edited by davidkimdd, 27 November 2005 - 03:26 PM.

  • 0

#14
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Yeah you can delete those things!

----------------------------

This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protects your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts.

    Please post back if you are still having any problems....

  • 0

#15
davidkimdd

davidkimdd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
which do u prefer..opera ..mozilla..or firefox?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP