Tech Support Guy banner
Cancel
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

Help: Trojan horse "dlm.exe", "dl.exe"

11579 Views 6 Replies 3 Participants Last post by  freekt
Y
My friend's laptop has experienced "Trojan horse - dlm.exe, dl.exe" problem. I helped him to fix this by using Hijackthis, AdAware, and Spybot. After cleaning the computer, I installed "Zone alarm" to prevent further problem. At the moment, it seems to work well except one website. If I tried to connect the site using "Internet explorer", IE generates error messages.

The following is the log file generated by "Hijackthis". It has a lot of "O4 - Startup: xxx_{xxx}.tmp" lines. I deleted most of them and inserted dots since the file size of log file is too big (258kb). Thanks.

>---------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 10:13:35 PM, on 2004-04-13
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SMCTRLW.EXE
C:\WINDOWS\SYSTEM\CTRLVOL.EXE
C:\WINDOWS\SYSTEM\KEYMAP.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
C:\PROGRAM FILES\SLEEP MANAGER\SLEEPMGR.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\PROGRAM FILES\MDL CROSSFIRE COMMANDER V6\XFDLINK.EXE
C:\PROGRAM FILES\MYLINKER\MYLINKER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\KEYACC32.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\EZICON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPONSCR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\UTILITY\HJT\HIJACKTHIS.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [·¹Áö½ºÆ®¸® °Ë»ç] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Control Panel] smctrlw.exe
O4 - HKLM\..\Run: [CtrlVolume] C:\WINDOWS\SYSTEM\CtrlVol.exe
O4 - HKLM\..\Run: [Keymap] C:\WINDOWS\SYSTEM\Keymap.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [SleepManager] "C:\Program Files\Sleep Manager\SleepMgr.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [XfDLink] "C:\PROGRAM FILES\MDL CROSSFIRE COMMANDER V6\XFDLINK.EXE"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [myLinker] C:\PROGRA~1\MYLINKER\MYLINKER.EXE /B
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKCU\..\Run: [KeyAccess] c:\WINDOWS\keyacc32.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: ADDLFNPR.REG
O4 - Startup: BLUE10.BMP
O4 - Startup: EPSTPLOG.TXT
O4 - Startup: DEFAULT.WBM
O4 - Startup: DOSSTART.BAT
O4 - Startup: IBM1024R.BMP
O4 - Startup: IBML1024.BMP
O4 - Startup: KIDS10.BMP
O4 - Startup: MANCH10.BMP
O4 - Startup: MARK.GIF
O4 - Startup: MONTAG10.BMP
O4 - Startup: MOUSE.COM
O4 - Startup: NEWGRA10.BMP
O4 - Startup: QUAD10.BMP
O4 - Startup: RUN10.BMP
O4 - Startup: THINK10.BMP
O4 - Startup: WOMAN10.BMP
O4 - Startup: MSDOS.SYS
O4 - Startup: WINSOCK.DLL
O4 - Startup: WIN.INI
O4 - Startup: HWINFO.EXE
O4 - Startup: NETDET.INI
O4 - Startup: PIDGEN.DLL
O4 - Startup: MSIMGSIZ.DAT
O4 - Startup: LICENSE.TXT
O4 - Startup: SUPPORT.TXT
O4 - Startup: BILING.SYS
O4 - Startup: MPLAYER.EXE
O4 - Startup: RUNHELP.CAB
O4 - Startup: JAUTOEXP.DAT
O4 - Startup: NDDEAPI.DLL
O4 - Startup: NDDENB.DLL
O4 - Startup: SCRIPT.DOC
O4 - Startup: CLSPACK.EXE
O4 - Startup: DOSREP.EXE
O4 - Startup: DRWATSON.EXE
O4 - Startup: EXPLORER.EXE
O4 - Startup: FONTVIEW.EXE
O4 - Startup: USER.DAT
O4 - Startup: ODBC.INI
O4 - Startup: ISO10646.EXE
O4 - Startup: WININIT.SAV
O4 - Startup: NETDDE.EXE
O4 - Startup: PIDSET.EXE
O4 - Startup: SETDEBUG.EXE
O4 - Startup: SIGVERIF.EXE
O4 - Startup: TUNEUP.EXE
O4 - Startup: UPWIZUN.EXE
O4 - Startup: WINREP.EXE
O4 - Startup: JVIEW.EXE
O4 - Startup: BACKGRND.GIF
O4 - Startup: CLOUD.GIF
O4 - Startup: CONTENT.GIF
O4 - Startup: HLPBELL.GIF
O4 - Startup: HLPCD.GIF
O4 - Startup: HLPGLOBE.GIF
O4 - Startup: HLPLOGO.GIF
O4 - Startup: HLPSTEP1.GIF
O4 - Startup: HLPSTEP2.GIF
O4 - Startup: HLPSTEP3.GIF
O4 - Startup: WINLOGO.GIF
O4 - Startup: IOS.LOG
O4 - Startup: SYSTEM.INI
O4 - Startup: READM_01.HTZ
O4 - Startup: READM_02.HTZ
O4 - Startup: DOSREP.INI
O4 - Startup: HTMLHELP.INI
O4 - Startup: MSDFMAP.INI
O4 - Startup: VPC32.INI
O4 - Startup: OLDOSAPP.INI
O4 - Startup: DELUXECD.MDB
O4 - Startup: DOSPRMPT.PIF
O4 - Startup: EXPLORER.SCF
O4 - Startup: ODBCINST.INI
O4 - Startup: COUNTRY.SYS
O4 - Startup: CONFIG.TXT
O4 - Startup: DISPLAY.TXT
O4 - Startup: FAQ.TXT
O4 - Startup: GENERAL.TXT
O4 - Startup: HARDWARE.TXT
O4 - Startup: MOUSE.TXT
O4 - Startup: MSDOSDRV.TXT
O4 - Startup: NETWORK.TXT
O4 - Startup: PRINTERS.TXT
O4 - Startup: PROGRAMS.TXT
O4 - Startup: RECOVER.TXT
O4 - Startup: TIPS.TXT
O4 - Startup: WSCRIPT.EXE
O4 - Startup: TELEPHON.INI
O4 - Startup: SMARTDRV.EXE
O4 - Startup: HIMEM.SYS
O4 - Startup: RAMDRIVE.SYS
O4 - Startup: LOGOS.SYS
O4 - Startup: LOGOW.SYS
O4 - Startup: 1STBOOT.BMP
O4 - Startup: TWAIN_32.DLL
O4 - Startup: ¹°¹æ¿ï.bmp
O4 - Startup: ½£.bmp
O4 - Startup: ±Ý»ö Á÷¹°.bmp
O4 - Startup: ¼¼·ÎÁÙ.bmp
O4 - Startup: WAVEMIX.INI
O4 - Startup: ŸÀÏ.bmp
O4 - Startup: °ËÁ¤ ½û±â.bmp
O4 - Startup: POWERPNT.INI
O4 - Startup: »¡°£ ºí·Ï.bmp
O4 - Startup: WJVIEW.EXE
O4 - Startup: WIN.COM
O4 - Startup: HWINFO.DAT
O4 - Startup: MORICONS.DLL
O4 - Startup: MSOWS412.DLL
O4 - Startup: NDISLOG.TXT
O4 - Startup: ACCSTAT.EXE
O4 - Startup: ASD.EXE
O4 - Startup: CALC.EXE
O4 - Startup: CLEANMGR.EXE
O4 - Startup: CONTROL.EXE
O4 - Startup: CVT1.EXE
O4 - Startup: CVTAPLOG.EXE
O4 - Startup: DEFRAG.EXE
O4 - Startup: DRVSPACE.EXE
O4 - Startup: EMM386.EXE
O4 - Startup: MM2ENT.EXE
O4 - Startup: NOTEPAD.EXE
O4 - Startup: PACKAGER.EXE
O4 - Startup: PBRUSH.EXE
O4 - Startup: REGEDIT.EXE
O4 - Startup: PROGMAN.EXE
O4 - Startup: RG2CATDB.EXE
O4 - Startup: RUNDLL.EXE
O4 - Startup: RUNDLL32.EXE
O4 - Startup: SCANDSKW.EXE
O4 - Startup: SCANREGW.EXE
O4 - Startup: TB60.INI
O4 - Startup: SNDREC32.EXE
O4 - Startup: SNDVOL32.EXE
O4 - Startup: TASKMAN.EXE
O4 - Startup: TASKMON.EXE
O4 - Startup: VCMUI.EXE
O4 - Startup: WELCOME.EXE
O4 - Startup: WINFILE.EXE
O4 - Startup: WINHELP.EXE
O4 - Startup: WINHLP32.EXE
O4 - Startup: WININIT.EXE
O4 - Startup: WINVER.EXE
O4 - Startup: WRITE.EXE
O4 - Startup: WUPDMGR.EXE
O4 - Startup: WINUPD.ICO
O4 - Startup: DRVSPACE.INF
O4 - Startup: IOS.INI
O4 - Startup: SCANREG.INI
O4 - Startup: µ¾ÀÚ¸®.bmp
O4 - Startup: ASPI2HLP.SYS
O4 - Startup: CMD640X.SYS
O4 - Startup: CMD640X2.SYS
O4 - Startup: DBLBUFF.SYS
O4 - Startup: IFSHLP.SYS
O4 - Startup: SFCSYNC.TXT
O4 - Startup: SLEEPMGR.HLP
O4 - Startup: ACROREAD.INI
O4 - Startup: TWUNK_16.EXE
O4 - Startup: CDPLAYER.EXE
O4 - Startup: CHARMAP.EXE
O4 - Startup: CLIPBRD.EXE
O4 - Startup: DIALER.EXE
O4 - Startup: FREECELL.EXE
O4 - Startup: KODAKIMG.EXE
O4 - Startup: KODAKPRV.EXE
O4 - Startup: MSHEARTS.EXE
O4 - Startup: RSRCMTR.EXE
O4 - Startup: SOL.EXE
O4 - Startup: SYSMON.EXE
O4 - Startup: TOUR98.EXE
O4 - Startup: TWUNK_32.EXE
O4 - Startup: WINMINE.EXE
O4 - Startup: SERVICES.TXT
O4 - Startup: MSBATCH.INF
O4 - Startup: HIDCI.DLL
O4 - Startup: COMMAND.COM
O4 - Startup: brndlog.txt
O4 - Startup: SETVER.EXE
O4 - Startup: QFECHECK.EXE
O4 - Startup: WIN
O4 - Startup: QTW.INI
O4 - Startup: SMCTRLW.HLP
O4 - Startup: CONTROL.INI
O4 - Startup: VPMSMI.INI
O4 - Startup: MSINFO32.INI
O4 - Startup: SYSTEM.CB
O4 - Startup: WIN386.SWP
O4 - Startup: EXTRAC32.EXE
O4 - Startup: DEVMGR9X.EXE
O4 - Startup: PROTOCOL.INI
O4 - Startup: ±âº»°ª.PWL
O4 - Startup: IsUninst.exe
O4 - Startup: GSMU3.EXE
O4 - Startup: PROTOCOL
O4 - Startup: SERVICES
O4 - Startup: SNMPAPI.DLL
O4 - Startup: NETWORKS
O4 - Startup: ARP.EXE
O4 - Startup: FTP.EXE
O4 - Startup: SYSTEM.DAT
O4 - Startup: LMHOSTS.SAM
O4 - Startup: NETSTAT.EXE
O4 - Startup: PING.EXE
O4 - Startup: ROUTE.EXE
O4 - Startup: TELNET.EXE
O4 - Startup: TRACERT.EXE
O4 - Startup: WINIPCFG.EXE
O4 - Startup: LTSMMSG.EXE
O4 - Startup: IPCONFIG.EXE
O4 - Startup: NBTSTAT.EXE
O4 - Startup: INETMIB1.DLL
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå.pif
O4 - Startup: °ÔÀÓ¿ë MS-DOS ¸ðµå (EMS ¹× XMS Áö¿ø).pif
O4 - Startup: °ø±â ¹æ¿ï.bmp
O4 - Startup: ÀÌÁýÆ®.bmp
O4 - Startup: Æĵ¿.bmp
O4 - Startup: ¹°¶¼»õ °ÝÀÚ.bmp
O4 - Startup: »ï°¢Çü.bmp
O4 - Startup: ÆĶõ ¸®ºª.bmp
O4 - Startup: ¼³Ä¡.bmp
O4 - Startup: ±¸¸§.bmp
O4 - Startup: ±Ý¼Ó üÀÎ.bmp
O4 - Startup: »ç¾Ï.bmp
O4 - Startup: ¹Ù´Ã¶¡.bmp
O4 - Startup: ä³Î È*¸é º¸È£±â.SCR
O4 - Startup: progman.ini
O4 - Startup: Reg Save Log.txt
O4 - Startup: folder.htt
O4 - Startup: OEWABLog.txt
O4 - Startup: SchedLog.Txt
O4 - Startup: Default.sf0
O4 - Startup: Default.sfc
O4 - Startup: wplog.txt
O4 - Startup: brndlog.bak
O4 - Startup: SOL.INI
O4 - Startup: NAVWNT.MIF
O4 - Startup: IsUn0412.exe
O4 - Startup: smoem.ini
O4 - Startup: Smctrlw.exe
O4 - Startup: NSREX.INI
O4 - Startup: NET.EXE
O4 - Startup: smcp.txt
O4 - Startup: SleepMgr.cnt
O4 - Startup: uninst.exe
O4 - Startup: tmpdelis.bat
O4 - Startup: UNWISE.EXE
O4 - Startup: NET.MSG
O4 - Startup: Sti_Trace.log
O4 - Startup: ILUNINST.EXE
O4 - Startup: REGTLIB.EXE
O4 - Startup: unwise.ini
O4 - Startup: fffe12ab_{6A98F2E0-E96B-11D7-95C6-444553540001}.tmp
O4 - Startup: EPIRPE10.INI
O4 - Startup: winhelp.ini
O4 - Startup: ipxtrn32.dll
O4 - Startup: msshlib2.log
O4 - Startup: twain_16.dll
O4 - Startup: STMMAIN.INI
O4 - Startup: vbaddin.ini
O4 - Startup: WKW16A.EXE
O4 - Startup: Active Setup Log.txt
O4 - Startup: Active Setup Log.BAK
O4 - Startup: NETH.MSG
O4 - Startup: hh.exe
O4 - Startup: mdm.ini
O4 - Startup: vgalusr1.vr
O4 - Startup: LOADQM.EXE
O4 - Startup: WINPOPUP.EXE
O4 - Startup: fffec77d_{FBB47500-9BF8-11D5-95C3-0002DD700EE1}.tmp
..
O4 - Startup: WPXERROR.LOG
O4 - Startup: fffe07fb_{D18C6A21-9BF9-11D5-95C3-0002DD700EE1}.tmp
..
O4 - Startup: hh.dat
O4 - Startup: SYMAPPS.INI
O4 - Startup: $014D4FD.WPX
O4 - Startup: fffe1d47_{EE50BF60-9C00-11D5-95C3-0002DD700EE1}.tmp
O4 - Startup: HARDLOCK.VXD
O4 - Startup: fffe5efd_{7A1B2820-9C04-11D5-95C3-0002DD700EE1}.tmp
O4 - Startup: KOOKMIN.BMP
O4 - Startup: Xecure.bmp
O4 - Startup: DAEGU.BMP
O4 - Startup: fffe5efd_{7A1B2821-9C04-11D5-95C3-0002DD700EE1}.tmp
..
O4 - Startup: ca.db
O4 - Startup: unin0412.exe
O4 - Startup: hdinfo.ini
O4 - Startup: Lucent Technologies Soft Modem AMR.log
O4 - Startup: fffe50cf_{964D2B00-9C64-11D5-95C3-90BE51C10000}.tmp
..
O4 - Startup: hjimesv.ini
O4 - Startup: fffe1e6f_{4D9A7E40-9C68-11D5-95C3-50B751C10000}.tmp
O4 - Startup: BUSAN.BMP
O4 - Startup: fffe1e6f_{4D9A7E41-9C68-11D5-95C3-50B751C10000}.tmp
O4 - Startup: yessignCA.pub
O4 - Startup: MODEMDET.TXT
O4 - Startup: winmine.ini
O4 - Startup: fffe18ab_{DD538CE0-9C98-11D5-95C3-60B451C10000}.tmp
...
O4 - Startup: TWAIN.LOG
O4 - Startup: fffe5133_{4DC12780-A518-11D5-95C3-A0BD51C10000}.tmp
...
O4 - Startup: IE4 Error Log.txt
O4 - Startup: fffe562f_{4DBF45C0-A5A7-11D5-95C3-F0C451C10000}.tmp
..
O4 - Startup: Twain001.Mtx
O4 - Startup: CSMOPAC.INI
O4 - Startup: fffe5689_{537D5140-A5D0-11D5-95C3-50B051C10000}.tmp
...
O4 - Startup: _detmp.1
O4 - Startup: CFW.INI
O4 - Startup: fffe5029_{84E8E4A1-A8B5-11D5-95C3-A0B651C10000}.tmp
...
O4 - Startup: ChemDraw.INI
O4 - Startup: fffe1ed3_{E6153D40-A8BB-11D5-95C3-A0B351C10000}.tmp
..
O4 - Startup: C3DPREFS.DAT
O4 - Startup: fffe502d_{671DF701-A8BD-11D5-95C3-B0B651C10000}.tmp
.
O4 - Startup: IMBXVT32.DLL
O4 - Startup: fffe1f61_{D1D4C5E1-A8BF-11D5-95C3-A0AA51C10000}.tmp
...
O4 - Startup: Chem3D.INI
O4 - Startup: CSGaussian.INI
O4 - Startup: HPLJPS5P.PCL
O4 - Startup: fffe52f1_{4D3BED40-A8CE-11D5-95C3-E0B651C10000}.tmp
...
O4 - Startup: wmsetup.log
O4 - Startup: Adobereg.db
O4 - Startup: WMSysPrx.prx
O4 - Startup: fffe5dff_{D0539F40-AC50-11D5-95C4-90E451C10000}.tmp
.
O4 - Startup: udptrn32.dll
O4 - Startup: FS5GLPT1.PCL
O4 - Startup: HPPCL5MS.X10
O4 - Startup: TWUNK003.MTX
O4 - Startup: fffe13dd_{E95B4200-AC54-11D5-95C4-90C155C10000}.tmp
...
O4 - Startup: Twunk002.MTX
O4 - Startup: fffe5163_{079C6D00-AD3D-11D5-95C4-309855C10000}.tmp
...
O4 - Startup: ACDILab.INI
O4 - Startup: KGOLESRV.INI
O4 - Startup: fffe5e1d_{5BD909C0-C01E-11D5-95C4-209455C10000}.tmp
...
O4 - Startup: HncIme.ini
O4 - Startup: unvise32.exe
O4 - Startup: fffe5dd3_{9D9BB420-C717-11D5-95C4-509955C10000}.tmp
...
O4 - Startup: DreamLoad.exe
O4 - Startup: fffe5ef9_{96E31E00-DF42-11D5-95C4-809755C10000}.tmp
...
O4 - Startup: DOS·Î ³ª°¨.PIF
O4 - Startup: fffe11b5_{599335E0-4AEE-11D6-95C4-807455C10000}.tmp
.
O4 - Startup: GRAMSCNV.INI
O4 - Startup: fffe12f1_{F2CB9960-EE63-11D5-95C4-206555C10000}.tmp
...
O4 - Startup: MOUSE.INI
O4 - Startup: fffe1635_{9AFF29E0-0C7C-11D6-95C4-F07755C10000}.tmp
...
O4 - Startup: SAMSUNGCARD.BMP
O4 - Startup: fffea04d_{C4D198C0-354E-11D6-95C4-D09C55C10000}.tmp
...
O4 - Startup: DELETE.EXE
O4 - Startup: MATHTYPE.LOG
O4 - Startup: fffe1005_{DA6D1B60-554B-11D6-95C4-709155C10000}.tmp
...
O4 - Startup: MATHTYPE.INI
O4 - Startup: FONTSDIR.MFD
O4 - Startup: fffe516d_{66938280-67F5-11D6-95C4-709855C10000}.tmp
...
O4 - Startup: ADA6C650.MFD
O4 - Startup: WIN.BAK
O4 - Startup: MT.DLL
O4 - Startup: fffe447d_{A89A76E0-0289-11D8-95C6-444553540001}.tmp
...
O4 - Startup: MT32.DLL
O4 - Startup: MTMACROS.PRE
O4 - Startup: fffe4ccd_{792F8800-F001-11D6-95C5-A08655C104C6}.tmp
..
O4 - Startup: GRPCONV.EXE
O4 - Startup: fffe461b_{88025801-F03B-11D6-95C5-409155C10000}.tmp
...
O4 - Startup: cadkasdeinst01e.exe
O4 - Startup: fffe094b_{9D39C7E0-F6ED-11D6-95C5-309255C10000}.tmp
...
O4 - Startup: kisa.der
O4 - Startup: fffe60d5_{00A3DC60-134C-11D7-95C5-109855C10000}.tmp
...
O4 - Startup: keyacc.ini
O4 - Startup: fffe0973_{48F0C2C0-2CC0-11D7-95C5-609855C10000}.tmp
...
O4 - Startup: keyacc32.exe
O4 - Startup: fffe39ad_{8E27D440-8AA9-11D7-95C5-0002DD700EE1}.tmp
..
O4 - Startup: DjVuDoc.ico
O4 - Startup: fffe1ccd_{048B7560-8B72-11D7-95C5-0002DD700EE1}.tmp
..
O4 - Startup: IE Setup Log.Txt
O4 - Startup: fffe31bf_{39EFED20-91CC-11D7-95C5-0002DD700EE1}.tmp
O4 - Startup: ieuninst.exe
O4 - Startup: keyacc.exe
O4 - Startup: fffe31bf_{39EFED21-91CC-11D7-95C5-0002DD700EE1}.tmp
O4 - Startup: RunOnceEx Log.txt
O4 - Startup: fffe305b_{4E1638E0-91E0-11D7-95C5-0002DD700EE1}.tmp
...
O4 - Startup: kalib32.dll
O4 - Startup: fffe3009_{D37799E0-982D-11D7-95C5-0002DD700EE1}.tmp
...
O4 - Startup: katrack.dll
O4 - Startup: unvise.exe
O4 - Startup: unvise32.dll
O4 - Startup: fffe3d89_{031E6780-9A7E-11D7-95C5-0002DD700EE1}.tmp
.
O4 - Startup: WMSysPr9.prx
O4 - Startup: fffe3e3f_{97D287C0-9A7F-11D7-95C5-0002DD700EE1}.tmp
.
O4 - Startup: wmplibrary_v_0_12.db
O4 - Startup: fffef693_{7FD5AC60-9ACA-11D7-95C5-708456C10000}.tmp
...
O4 - Startup: uneng.exe
O4 - Startup: fffe7df9_{B62F67C0-ACE4-11D7-95C5-607556C10000}.tmp
...
O4 - Startup: DefaultStore_59R.bin
O4 - Startup: UserMigratedStore_59R.bin
O4 - Startup: fffe137f_{2ADE67C0-BE87-11D7-95C5-0002DD700EE1}.tmp
O4 - Startup: nsreg.dat
..
O4 - Startup: fffe14b9_{13E781C0-C0E2-11D7-95C5-0002DD700EE1}.tmp
..
O4 - Startup: Windows Update.log
O4 - Startup: Q330994.exe
O4 - Startup: ttfCache
O4 - Startup: DirectX.log
O4 - Startup: dxwinini.bak
O4 - Startup: vminst.log
O4 - Startup: dahotfix.log
O4 - Startup: fffed567_{D6FC21A0-C13E-11D7-95C5-0002DD700EE1}.tmp
...
O4 - Startup: twain.dll
O4 - Startup: fffe3c1d_{4BB73860-D4CA-11D7-95C6-0002DD700EE1}.tmp
..
O4 - Startup: iun6002.exe
O4 - Startup: fffe136f_{60B7E560-D6DD-11D7-95C6-0002DD700EE1}.tmp
..
O4 - Startup: opuc.dll
O4 - Startup: fffe074b_{2691C660-DDF6-11D7-95C6-0002DD700EE1}.tmp
...
O4 - Startup: aolback.exe.lnk
O4 - Startup: fffe08b7_{CCDCE500-E3EA-11D7-95C6-444553540001}.tmp
...
O4 - Startup: msoffice.ini
O4 - Startup: SleepMgr.GID
O4 - Startup: fffe1ddd_{EC6E2960-E935-11D7-95C6-0002DD700EE1}.tmp
..
O4 - Startup: onkb2.ico
O4 - Startup: fffe12ab_{6A98F2E1-E96B-11D7-95C6-444553540001}.tmp
..
O4 - Startup: offkb2.ico
O4 - Startup: fffe3fdb_{55DF3060-E9BD-11D7-95C6-0002DD700EE1}.tmp
..
O4 - Startup: .plugin141_01.trace
O4 - Startup: MLUninst.exe
O4 - Startup: fffe1813_{1A401B80-EB7C-11D7-95C6-0002DD700EE1}.tmp
...
O4 - Startup: Fix IE Log.txt
O4 - Startup: IE Uninstall Log.Txt
O4 - Startup: IEPatchUninstall.log
O4 - Startup: IEPatchUninstall.BAK
O4 - Startup: fffe6ab5_{0A3D4C20-1143-11D8-95C6-0002DD700EE1}.tmp
...
O4 - Startup: _delis32.ini
O4 - Startup: fffe0401_{AD02BF60-5A33-11D8-95C6-444553540001}.tmp
...
O4 - Startup: ShellIconCache
O4 - Startup: fffe3a79_{6D0E7120-5FD7-11D8-95C6-0002DD700EE1}.tmp
...
O4 - Startup: ScanErrors.log
O4 - Startup: fffefea7_{FA37DDE0-7484-11D8-95C6-444553540001}.tmp
...
O4 - Startup: securea.html
O4 - Startup: secureb.html
O4 - Startup: test
O4 - Startup: dl.exe
O4 - Startup: dl.html
O4 - Startup: dlm.exe
O4 - Startup: toffel32.exe
O4 - Startup: consol32.exe
O4 - Startup: msstasks.exe
O4 - Startup: mstaskss.exe
O4 - Startup: WININIT.BAK
O4 - Startup: hosts.sam
O4 - Startup: fffec2c7_{64540400-8BEC-11D8-95C6-444553540001}.tmp
...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8CFE8500-6604-11D4-B26D-00C04F7A67C8} (XecureWeb Control 3.5 HCB) - http://www.hncbworld.com/XecureObject/XecureSSL35HCB.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v5.3.0.1/xw_install.cab
O16 - DPF: {DF1B804F-084B-4D24-A9E3-32BB9DAD87A4} (AxINIplugin30 Control) - http://banking.nonghyup.com/plugin/client/axINIplugin30.cab
O16 - DPF: {D13BA040-C349-11D3-87C2-00C04F4ABC61} (XecureWeb Control 3.0) - http://www.samsungcard.co.kr/XecureDemo/XecureObject/XecureSSL30.cab
O16 - DPF: ISSAC-WebSE - http://paygate.dacom.co.kr/penta/IssacWebInst.cab
O16 - DPF: {06228E75-DEB1-11D3-B702-00001CD5DA14} (AxINIplugin20 Control) - http://www.bccard.co.kr/initech/plugin/axINIplugin20.cab
O16 - DPF: {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49} (ToinbWData Class) - http://ndsl.or.kr/toinbocx/toinbdata.cab
O16 - DPF: {0A2233AD-E771-11D2-973D-00104B15E56F} (ToinbWTR Class) - http://ndsl.or.kr/toinbocx/toinbtr.cab
O16 - DPF: {91B0A4F0-3206-4564-9BB4-AF9055DEF8A1} (ToinbWTextArea Class) - http://ndsl.or.kr/toinbocx/toinbtextarea.cab
O16 - DPF: {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49} (ToinbWGrid Class) - http://ndsl.or.kr/toinbocx/toinbgrid.cab
O16 - DPF: {FD4C6571-DD20-11D2-973D-00104B15E56F} (ToInbWCCombo Class) - http://ndsl.or.kr/toinbocx/toinbccombo.cab
O16 - DPF: {9C9AB433-EA85-11D2-A4F9-00608CEBEE49} (ToinbWBind Class) - http://ndsl.or.kr/toinbocx/toinbbind.cab
O16 - DPF: {3694F19D-ED4D-4DA8-BECD-26FB830753D1} (DCLinker Class) - http://www.norazo.com/dcdownload/dreamlinker.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://banking.nonghyup.com/plugin/client/axINIplugin40.cab
O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
O16 - DPF: {D5ACE9FC-9CCC-4FB6-9A63-19ED6A3AA489} (ReaderChecker Control) - http://drm.snu.ac.kr/pdfdrm/webbroker/ReaderChecker.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.djvu.com/plugins/en_US/DjVuControl.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.kookmincard.co.kr/images/sendmail/IniMasPlugin.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://paygate.dacom.co.kr/penta/ISSACWebSE2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37869.4675694444
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
O16 - DPF: {8E64F05B-76CF-40EA-AD6B-6741F02BDC46} (MagicInstaller Class) - http://www.americanexpress.co.kr/common/ML/MagicInstaller.cab
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://image.em4s.com/sbill/cruzbill.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553546800} - http://active.macromedia.com/flash4/cabs/swflash.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D2A4C311-F608-4E0E-BBFE-6B25E31AC15B} (Kdfense5 Control) - http://kings.cachenet.com/kdf5078/kdfense5.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl270.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://dizzo.contents.mylinker.co.kr/module/MyLinker.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} (StreamNote2 Control) - http://nsi.snu.ac.kr/onlinenano/Lecture/Device Physics/Device Physics0302/StreamNote2.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dl/dmitriy/x.chm::/load.exe

<-----------------------
See less See more
Save
Like
Status
Not open for further replies.
1 - 3 of 7 Posts
Y
Thanks Rollin' Rog.

1) I checked the Startup folder but it does not have such files. Actually, all files in the "04 startup:" are located under the "C:\windows" directory.
2) "MYLINKER.EXE" is a file supplied by a newspaper website. I think it is credible, but am going to remove it.
3) I looked over the "C:\windows" directory, and found some suspicious files such as "securea.html", "secureb.html", "dl.html", and "dl.exe". All these files were deleted in the safe mode. In the case of usual web browsing, IE works well. However at some websites, it generates an error message. Especially when I tried to post a message to a certain bulletin board, it generates an error message. After that "outlook express" also gives an error message if I press "deliver" button.

Please help me with this. Thanks again.
Save
Like
Y
Thank Rollin' Rog for your help. Unfortunately I still have the same problem. I tried the repair of IE, and even tried to reinstall IE. I also installed "Opera" but found some difficulty with using different web browser due to the language support (Korean).

My IE usually works well except some web sites. For example, when I connect the "windows update" site, and scan updates, IE generates an error message if I click "windows 98 ... (?)" part in "Pick updates to install" section.
I might delete some system files when I deleted the suspicious files. Here is the HijackThis log file. I excluded all entries starting with "O4 - Startup: ..." except one "O4 - Startup: DIALER.EXE" since it seems that HJT just shows all files under "C:\windows".

>--------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 10:11:38 PM, on 2004-04-19
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SMCTRLW.EXE
C:\WINDOWS\SYSTEM\CTRLVOL.EXE
C:\WINDOWS\SYSTEM\KEYMAP.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
C:\PROGRAM FILES\SLEEP MANAGER\SLEEPMGR.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\PROGRAM FILES\MDL CROSSFIRE COMMANDER V6\XFDLINK.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\EZICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\THINKPAD\EASY LAUNCH BUTTONS\TPONSCR.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\KEYACC32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UTILITY\HJT\HIJACKTHIS.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [·¹Áö½ºÆ®¸® °Ë»ç] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Control Panel] smctrlw.exe
O4 - HKLM\..\Run: [CtrlVolume] C:\WINDOWS\SYSTEM\CtrlVol.exe
O4 - HKLM\..\Run: [Keymap] C:\WINDOWS\SYSTEM\Keymap.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [SleepManager] "C:\Program Files\Sleep Manager\SleepMgr.exe"
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [XfDLink] "C:\PROGRAM FILES\MDL CROSSFIRE COMMANDER V6\XFDLINK.EXE"
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [KeyAccess] c:\WINDOWS\keyacc32.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
.....
O4 - Startup: DIALER.EXE
.....
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8CFE8500-6604-11D4-B26D-00C04F7A67C8} (XecureWeb Control 3.5 HCB) - http://www.hncbworld.com/XecureObject/XecureSSL35HCB.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/samsungcard/npx.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v5.3.0.1/xw_install.cab
O16 - DPF: {DF1B804F-084B-4D24-A9E3-32BB9DAD87A4} (AxINIplugin30 Control) - http://banking.nonghyup.com/plugin/client/axINIplugin30.cab
O16 - DPF: {D13BA040-C349-11D3-87C2-00C04F4ABC61} (XecureWeb Control 3.0) - http://www.samsungcard.co.kr/XecureDemo/XecureObject/XecureSSL30.cab
O16 - DPF: ISSAC-WebSE - http://paygate.dacom.co.kr/penta/IssacWebInst.cab
O16 - DPF: {06228E75-DEB1-11D3-B702-00001CD5DA14} (AxINIplugin20 Control) - http://www.bccard.co.kr/initech/plugin/axINIplugin20.cab
O16 - DPF: {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49} (ToinbWData Class) - http://ndsl.or.kr/toinbocx/toinbdata.cab
O16 - DPF: {0A2233AD-E771-11D2-973D-00104B15E56F} (ToinbWTR Class) - http://ndsl.or.kr/toinbocx/toinbtr.cab
O16 - DPF: {91B0A4F0-3206-4564-9BB4-AF9055DEF8A1} (ToinbWTextArea Class) - http://ndsl.or.kr/toinbocx/toinbtextarea.cab
O16 - DPF: {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49} (ToinbWGrid Class) - http://ndsl.or.kr/toinbocx/toinbgrid.cab
O16 - DPF: {FD4C6571-DD20-11D2-973D-00104B15E56F} (ToInbWCCombo Class) - http://ndsl.or.kr/toinbocx/toinbccombo.cab
O16 - DPF: {9C9AB433-EA85-11D2-A4F9-00608CEBEE49} (ToinbWBind Class) - http://ndsl.or.kr/toinbocx/toinbbind.cab
O16 - DPF: {3694F19D-ED4D-4DA8-BECD-26FB830753D1} (DCLinker Class) - http://www.norazo.com/dcdownload/dreamlinker.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://banking.nonghyup.com/plugin/client/axINIplugin40.cab
O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
O16 - DPF: {D5ACE9FC-9CCC-4FB6-9A63-19ED6A3AA489} (ReaderChecker Control) - http://drm.snu.ac.kr/pdfdrm/webbroker/ReaderChecker.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.djvu.com/plugins/en_US/DjVuControl.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.kookmincard.co.kr/images/sendmail/IniMasPlugin.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://paygate.dacom.co.kr/penta/ISSACWebSE2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37869.4675694444
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - ftp://ftp.ca.com/pub/Opal/plugins/x_plugin/opalplayerx5.cab
O16 - DPF: {8E64F05B-76CF-40EA-AD6B-6741F02BDC46} (MagicInstaller Class) - http://www.americanexpress.co.kr/common/ML/MagicInstaller.cab
O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} (Cruzbill Control) - http://image.em4s.com/sbill/cruzbill.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553546800} - http://active.macromedia.com/flash4/cabs/swflash.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {D2A4C311-F608-4E0E-BBFE-6B25E31AC15B} (Kdfense5 Control) - http://kings.cachenet.com/kdf5078/kdfense5.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl270.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} (StreamNote2 Control) - http://nsi.snu.ac.kr/onlinenano/Lecture/Device Physics/Device Physics0302/StreamNote2.cab
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\SYSTEM\urlmon.dll
<--------------------------------------------------------------
Save
Like
1 - 3 of 7 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top