
Please help me - Logfile



#1 icenerve


Posted 22 July 2007 - 01:10 AM

Hello. This is the Logfile of my dad's PC. There is some Korean software on there.
Problems started with Internet Explorer --- Browser windows would just shut down, Windows would just reboot of its own accord. Clicking on links would also cause shutdown.
Have used Ad-Aware -- no results.
Did the online BitDefender scan which eliminated some stuff; I have posted the log below the HijackThis log.
Am currently using SpywareBlaster, CCleaner. Tried downloading AVG, but it won't install -- think this is a problem with the PC also.
Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 2:57:36, on 2007-07-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiVirus\hrres.exe
C:\Program Files\INCAInternet\nProtectPersonal\BasedCode\nploginv.exe
C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1042\OLFSNT40.EXE
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\HAURI\Common\hsvcmod.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nPComSVC.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\npmonk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\cretool\securitymgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: OTSI Class - {85CC6BFF-5A5C-4A76-8FC8-DB0787DF1597} - c:\program files\cretool\ots.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: NoPhishing - {D3B071BE-7C15-43f6-8348-01EFC6092591} - C:\Progra~1\SoftRun\NoPhishing\NoPhishing.dll
O3 - Toolbar: 시큐리티 툴 - {E74BC74F-F470-4AD7-9FB4-1A4170A06082} - c:\program files\cretool\otwiz.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [HAURI Update] C:\Program Files\HAURI\ViRobot Desktop 5.0\HUpdate.EXE 1
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiVirus\hrres.exe
O4 - HKLM\..\Run: [nProtectPersonal(BasedCode)] C:\Program Files\INCAInternet\nProtectPersonal\BasedCode\nploginv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\HAURI\Common\Base\VRMONNT.EXE
O4 - HKLM\..\Run: [HEProtect] C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 현금리워드 - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing)
O9 - Extra 'Tools' menuitem: 시큐리티툴 현금돌려받기 적립금보기 - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: i-Nav 도움말 - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-...pport/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav 도움말 - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-...pport/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav 옵션 - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.netian.com
O15 - Trusted Zone: http://*.egov.go.kr
O15 - Trusted Zone: http://*.inicis.com
O15 - Trusted Zone: http://www.iros.go.kr
O15 - Trusted Zone: http://*.scfirstbank.com
O15 - Trusted Zone: http://*.shinhan.com
O15 - Trusted Zone: http://*.shinhancard.com
O15 - Trusted Zone: http://*.vpay.co.kr
O16 - DPF: {008BBE7E-C096-11D0-B4E3-00A0C901D681} (TeeChart Pro Activex control) - http://www.etfs.co.k...fo/teechart.cab
O16 - DPF: {02462839-DC8E-4CD4-9475-FB901A2FB703} (Checker.Certifier) - http://eminwon.yongi...cab/Checker.CAB
O16 - DPF: {02FE7E8D-9DBD-4F77-8824-26C45D56CA9A} (CHZERO MAP CTRL) - http://gisweb4.chzer...IMAPOCX_WEB.CAB
O16 - DPF: {0365D95C-5061-42AB-B118-EAA3CB956E8E} (MaPrintModule_BCCard Control) - http://www.bccard.co...dule_BCCard.cab
O16 - DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} (CodeAx Class) - http://www.nhic.or.k...s/CM_CodeAx.cab
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - http://fx.hauri.net/...iveRobotWeb.cab
O16 - DPF: {086812C8-4A27-4469-8DFA-29CE767BC1D2} (CSuperup.UserControl1) - http://blogfile.para...79_Superpop.cab
O16 - DPF: {08AC405D-A4A0-448B-8AAF-9D2903CC4A51} (EmpasSM Control) - http://im.emimg.com/...bin/empassm.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24....ebInstallV2.cab
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn...oolkitForIE.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} (WebPriKRX Control) - http://www.krx.co.kr.../WebPri_KRX.cab
O16 - DPF: {1103224F-7567-4EF7-BE8D-EB40BA0039A2} (MailViewObj Class) - http://203.244.122.1...ungFnDotCom.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.epostbank...criptx/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} (checkVerX Control) - http://download.hts....ab/checkVer.cab
O16 - DPF: {1A6B786C-9062-4B2F-BD76-AD4653FF480E} (Club5678 Update Control) - https://secure.club5...ex/ClubCtrl.cab
O16 - DPF: {1B5EE264-CCAB-48A4-B8DA-04D4BB004CC3} (CyMiInstaller310 Class) - http://wts.bestez.co...0L-20060714.cab
O16 - DPF: {1C0933A3-6E7D-4877-98ED-420584F023AB} (WordConvert Control) - http://www.seri.org/...WordConvert.cab
O16 - DPF: {1C8143AB-92ED-4C3C-A641-B5664530ED9F} (IPRTCrsIgmPrintX Control) - http://www.iros.go.k...rsIgmPrintX.cab
O16 - DPF: {1D4FC3AF-3253-43A4-B346-5D1198D1EB8E} (CINIWebPlus Class) - http://img.shinhan.c...ISWebPlus10.cab
O16 - DPF: {1E3635D7-76FF-4660-8DD7-9ADB5FA29EA3} (UpdateComponent.MainClass) - http://portal.cdi.co...teComponent.CAB
O16 - DPF: {219C6039-E795-43D9-B6F4-D94E12E75204} (GoodiWActive Control) - http://www.goodi.com...oodiWActive.cab
O16 - DPF: {25A62CCB-3467-4AA6-AB5E-92C2E0C4B19D} (CDEVGRID Control) - http://www.krx.co.kr...bPonentGrid.CAB
O16 - DPF: {26C80095-BB0C-45B5-AC77-94302CE370AB} (IntraMap2DXMTIS Control) - http://152.99.129.12...aMap2DXMTIS.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://img.shinhan.c...down/INIS60.cab
O16 - DPF: {293834C7-05B9-418C-A7DC-B59B08C8716C} (IntraMap2DXSeBIS Control) - http://210.96.13.88/...Map2DXSeBIS.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2C68D4E4-F2BD-4880-A868-4C2AE0762306} (XInstall.Main) - http://mybank.kiupba...ab/xinstall.cab
O16 - DPF: {2F42C75A-D433-4D03-B351-73809BA36E2C} (rxCert.Viewer) - http://mybank.kiupba.../cab/rxcert.cab
O16 - DPF: {3171E07B-4FE8-4106-9958-F1487308AD25} (RegistryAdd.frmUsrControl) - https://www.egov.go.kr/RegistryAdd.CAB
O16 - DPF: {317642DD-AF52-11D4-BC2A-0050DA8AEE6F} (FileMng Control) - http://www.nhic.or.k...les/FileWiz.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....reScannerV2.ocx
O16 - DPF: {325A2282-C738-4265-B43D-587926879609} (TrustedZone Control) - http://www.iros.go.k...tedZoneCtrl.cab
O16 - DPF: {32CE8465-2D18-4AEE-9098-837844E6E926} (OcxChart Control) - http://version.edail...RT/OcxChart.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yaho...ponent/MBox.cab
O16 - DPF: {39A32A43-9D99-43E9-B0C9-D01BFF3C115B} (PrintManager Control) - http://image.shinhan...rintManager.exe
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://banking.nongh.../scsk/scsk4.cab
O16 - DPF: {3A3DE2B1-6B19-4B5E-A054-1E939FD531D3} (CoreActiveX Class) - http://do.iros.go.kr...nload/CoreX.cab
O16 - DPF: {3A90D051-E921-4741-8288-D1B6747A8A51} (Yessign5 Control) - http://www.giro.or.k...ab/yessign5.cab
O16 - DPF: {3AF361E6-26F5-4EAB-A869-56E9FD3AF8BF} (KSCDATA Control) - http://datamall.kosc...eXDataChart.cab
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} (MagicLoaderX Class) - http://www.hira.or.k...agicLoaderX.cab
O16 - DPF: {3DAE9C86-4D54-4D33-A82D-E4F9150E2D86} (NateOnMMSAtx2 Class) - http://viewsms.nate....teOnMMS_AX2.cab
O16 - DPF: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} (XGrid Control) - http://mybank.ibk.co...iupPSNXGrid.cab
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://ecos.bok.or.kr/fpSpr60.cab
O16 - DPF: {46681002-27E5-4759-8200-E7097D1C3CDD} (SKCrypAX Control) - http://img.emart.co....cx/SKCrypAX.cab
O16 - DPF: {4812232C-91F1-49ED-A6D4-A2C1ED562C5F} (AxKSignCC Class) - http://corp.bccard.c...AxCrossCert.cab
O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://download.empa...mpasFilebox.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net..._XPayMPIOCX.cab
O16 - DPF: {50203813-08C7-4C9B-9281-39D888C6A11E} (GNCtrl.GraphCtl) - http://www.seiak.co....Info/GNCtrl.CAB
O16 - DPF: {50640DA2-6367-400D-9B77-18F6969F1D47} (WebPriKTF Control) - http://www.ktfmember.../WebPri_KTF.cab
O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} (Printmade Control) - http://img.shinhan.c...t/Printmade.cab
O16 - DPF: {55218724-9E0F-4A9A-858C-B5E6F5A9C65F} (Idefense Control) - http://kings.cachene...30/idefense.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5586077A-2041-4710-8F2E-0D5060D0378D} (Kdfense Control) - http://kings.cachene...215/kdfense.cab
O16 - DPF: {56C13C6F-9A84-4287-920A-513F1184C250} (SaferCrypto Control) - http://www.lotte.com...SaferCrypto.cab
O16 - DPF: {5778DCAB-19D2-48A5-BB8B-669AE7012555} (AnyChart Control) - http://fisis.fss.or....cx/AnyChart.CAB
O16 - DPF: {5797A411-BD4D-4896-9A89-415A902430B6} (eKSys SmartMapGX SDK 3.0) - http://map.roadi.com.../SmartMapGX.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.korne...peedNewCtrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.k...web/gogsweb.cab
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn...19/kdfense7.cab
O16 - DPF: {5EFC2B83-363F-4EE9-AB48-53F8500E7C5E} (CDEVGRID Control) - http://fisis.fss.or....IFSSKAOGRID.CAB
O16 - DPF: {63DD8DD9-6C39-4FF7-AE26-D495A52790F9} (ZeroChart Control) - http://211.234.113.176/ZeroChart.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103270994140
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://ahnlabdownloa.../cab/AhnASP.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://ec2.kicc.co.k...L/EasyPlugX.cab
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} (ProWorksGrid Control) - http://img.shinhan.c...orksGrid_78.cab
O16 - DPF: {682D583F-791C-4934-A9BF-BD9B3831E87B} (ifLGPrinting Control) - http://www.wooriwm.c...LG_Printing.cab
O16 - DPF: {688273E1-17AC-47F5-AB63-7D59B44D191E} (maRhttp Control) - http://www.miraeasse...tiveTrading.cab
O16 - DPF: {6ACE5675-7EE8-49CF-B550-933B6C8B05C2} (TickerBar Control) - http://trade.wooriwm...onWebTicker.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - https://www.shinhanc...INIplugin40.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://gcc.nefficien...ro/CKKeyPro.cab
O16 - DPF: {6D31D46F-CDAB-4430-9DF2-9ECBB448D811} (GDServiceDll Class) - http://www.hrdkorea.or.kr/GongDan.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.letskt.co...niMasPlugin.cab
O16 - DPF: {7114AB1F-A8FE-4EB8-8AEB-0D0C47E866AD} (MA_POP Class) - http://mpi.dacom.net.../XacsPlugin.cab
O16 - DPF: {73257F5A-A0E3-4904-A64E-CE6D892E404D} (Empas File Upload Control) - http://mail.empas.co...sFileUpload.cab
O16 - DPF: {74A19CB3-36EB-4CC8-AAD0-240CC13686AC} (Checker Class) - http://down.goodgate...n/ggChecker.cab
O16 - DPF: {78B925FA-0C2C-4697-B2B9-1DA76149A15A} (MaPrintModule_LGCard Control) - http://www.lgcard.co...dule_LGCard.cab
O16 - DPF: {78E27FE2-EB04-4008-9979-F7AB2751F7C2} (NPCom Control) - https://updates.npro...c_cwd/nPCom.cab
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.p.../data/imweb.cab
O16 - DPF: {7C65E65F-5ACA-409E-9D44-79AD833919F8} (ExpressViewer Class) - http://download.soft...xei_install.cab
O16 - DPF: {7D57E347-C1E1-48F1-9FFE-5F849BEECB58} (DrawMain Class) - http://www.funddocto...ex/FundWeb1.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://www.ebanking...stall_vista.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...anner371420.cab
O16 - DPF: {7FAB8081-EFAA-447B-B64D-8048C6D6914B} (Sundo_ZaolMapKTClient Control) - http://kr.traffic.ya...Client.1010.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://www.bestez.co...ISSACWebSE2.cab
O16 - DPF: {857BAFDB-41FC-4A02-86D9-78B884AF6437} (mkdiniswCtrl Class) - http://ahnlabdownloa...ab/mkdinisw.cab
O16 - DPF: {87150955-C8C8-4693-B8E3-69E9B4EC23EC} (Yessign5 CMP Control) - http://www.yessign.o...rt5/yesCMP5.cab
O16 - DPF: {8A5BFC47-B365-4312-A8C4-32E0479EFCAA} (TPMSX Control) - http://www.shinyoung...ebStockTPMS.cab
O16 - DPF: {8FA8D5F7-7CBA-46D4-9568-68D70C5280E8} (NoPhishingX Control) - http://www.nophishin...SH02/SRNPSH.cab
O16 - DPF: {91A6D076-F1AA-44DC-9825-9F7DE41E2398} (WooricyMap Control) - http://map.wooricy.com/WooricyMap.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {95ECBC00-7121-4379-BD64-69B42A0F1123} (MapID Control) - http://www.mapid.net...X/MapID_V15.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co....ahooCabinet.cab
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - https://secure.kcp.c..._ansimclick.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AEBAA67-8B4D-4884-9EB7-8C6BEA20CE5C} (FileManager Control) - http://www.bestez.co...b/NetEditor.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownloa...yfirewall20.cab
O16 - DPF: {9DD4E0E8-2CED-4064-BF11-DDB2196CEC40} (SOLWeB4SIB Class) - http://www.solomonba.../SOLWeB4SIB.cab
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) - http://download.sign...wsinstaller.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownloa...cab/mkdplus.cab
O16 - DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} (Chzero ZeroMap Update Control) - http://gisweb4.chzer...roMapUpdate.cab
O16 - DPF: {A40EEF5E-54E0-41CE-9638-C7D3806E54A4} (Kcpv3datx Control) - https://secure.kcp.c.../v5/v3dplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.neffici...05/kdfense8.cab
O16 - DPF: {A46A8411-BD4D-4896-9A89-415A902430B6} (SmartMapX Control) - http://www.digital.g...SmartMapXCW.cab
O16 - DPF: {A4C19EB1-204A-4F88-9D2B-17CB37217E9E} (KvpISPd Control) - https://www.vpay.co....es/KVPISPD2.cab
O16 - DPF: {A56A1518-A259-4109-98B3-06A30F09AB1B} (JXMailViewer Control) - http://www.ktfmember...mailActiveX.cab
O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} (IssacWebProCMS Class) - http://pgdownload.lg...CMS_4_2_6_1.cab
O16 - DPF: {AC462D1A-E53E-4973-A30A-AB7E07D3DD2D} (EzCertForClient Control) - http://gcc.nefficien...rtForClient.exe
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} (MagicPass Class) - http://www.hira.or.k.../MagicPassX.cab
O16 - DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} (SignGATE Class) - http://www.epostbank.../AxSignGATE.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://image.gseshop...sim/ilkactx.cab
O16 - DPF: {B58D4DCD-2884-4241-8B2B-1DCDC1AF55D9} (SYX Control) - http://www.shinyoung...inyoung_WTS.Cab
O16 - DPF: {B6B8968B-F2CE-47C2-B749-E2BA385BB226} (CourtPrintInfo Class) - http://www.iros.go.k...ntInfoCourt.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,2,0
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) - http://download.sign...taller_full.cab
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - http://img.shinhan.c...ineTransfer.cab
O16 - DPF: {C39AB2A8-5089-4E8D-82C7-EB256059B99F} (AuHCBase Control) - http://rcs.bestez.co...er/auHCBase.cab
O16 - DPF: {C5BAFC64-419D-11D4-BE28-0050CE181ABE} (IssacWeb Class) - http://www.billkorea...st/ISSACWeb.cab
O16 - DPF: {C838E9DA-1625-4E14-8B37-C6706B43C423} (IBLeaders IBSheet Control) - http://www.bccard.co...eet/IBSheet.CAB
O16 - DPF: {C9B82549-7BD8-4227-9B37-80B3DCB76A04} (MAWS Class) - http://www.iros.go.k...ws09_scourt.cab
O16 - DPF: {CB817A2F-4C2D-4994-A1B1-36952E9AC181} (MPIPI00 Control) - http://plugin.inicis...mpi/MPIPI00.cab
O16 - DPF: {CF392830-663F-11D5-89EE-000086551DF6} (PS_NTSATL Class) - http://download.hts....file_crypto.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote.../lgcard/npx.cab
O16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) - http://www.giro.or.k...ab/yessign3.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprote...npkcx_vista.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://gcc.nefficien...utComponent.cab
O16 - DPF: {D8D53DE7-35C2-4759-8D0A-C91407CB559E} (WebPonentChart Control) - http://www.krx.co.kr...PonentChart.CAB
O16 - DPF: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} (SCSKEx Control) - http://www.bestez.co...roke/scskex.cab
O16 - DPF: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} (Npx2 Control) - http://update.nprote.../check/npx2.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://www.congnamul...Map4Asp_V27.cab
O16 - DPF: {DA76E8AE-2E7F-49A8-B5F2-D1C4FF70ECD5} (SamsungMap Control) - http://mapsvc.samsun...sungMap_V21.cab
O16 - DPF: {DAAE5781-528F-40BE-8EF6-F94118A669C1} (PrintManager Control) - http://gcc.nefficien...anager_1213.exe
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprote.../bccard/npz.cab
O16 - DPF: {DC51671C-E8CB-4710-AFB5-C7A1E967851B} (MKStockChart Control) - http://vip.mk.co.kr/...StockChartX.cab
O16 - DPF: {DCD7F1D9-8E57-45F8-8C0C-4400CD84C8BF} (Imhtml Control) - http://activexdown.p...data/imhtml.cab
O16 - DPF: {DDC05DB7-AE09-4959-8667-C7F0A09648F5} (maRhttp Control) - http://www.miraeasse...iveTrading2.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul...amulMap_V17.cab
O16 - DPF: {E40DEFEA-9133-4374-BB1B-E138DEFFF247} (SOLWeBLiveUpdate Class) - http://www.solomonba...BLiveUpdate.cab
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://pg.banktown....tPmntClient.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://kings.cachene...ar/kdfense9.cab
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://image.shinhan...oTrustSiteX.cab
O16 - DPF: {EC31B24D-0E8C-454D-B23E-4BFD160AF758} (Security.SecurityController) - http://gcc.nefficien...ty-release2.CAB
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.signkorea.com/SKCommAX.cab
O16 - DPF: {ED156B75-7389-412D-B8E7-D7CDDD88CC6D} (IEPostPrinter Control) - http://210.90.8.136:...Printer_DMZ.cab
O16 - DPF: {EDEB4C33-5320-42B3-838C-ADF6A0D2055B} (XA3boxUpDown Control) - http://www.a3box.co....A3boxUpDown.cab
O16 - DPF: {EF7AD460-E1FD-4533-A0B9-C92E48CC798B} (Printmade Control) - http://image.shinhan...s/PrintMade.cab
O16 - DPF: {F0394CA9-134E-4D5B-9587-2E71EDBA9087} (Security.SecurityController) - http://gcc.nefficien...ty-release2.CAB
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhanca...down/INIS50.cab
O16 - DPF: {F3BA46D6-25D6-4A9F-96A8-2E7ED096FAD4} - https://updates.npro...bc/npz_hsbc.cab
O16 - DPF: {F44F0520-8D39-4F6D-9BEF-F5266568C4B0} (AnyTree Control) - http://fisis.fss.or.kr/ocx/AnyTree.CAB
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.ne...ate_XPayMPI.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.c...Vista/GWall.cab
O16 - DPF: {F7BBD0BD-CB3D-40BB-ADC1-85E7D46D0581} (RegKFB Control) - http://www.scfirstba...sses/RegKFB.cab
O16 - DPF: {F9CBD0B7-FEE7-432A-B01F-D6906C63EA1A} (RemoteCall Control) - http://userpc.com/cab/rcax.cab
O16 - DPF: {FA309B66-7778-11D8-A7CA-0020ED52230E} (RPRTRegisterX Control) - http://www.iros.go.k...ntRegisterX.cab
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} (AnsimPlugin Class) - http://image.gseshop...kactx_vista.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77F4E9EF-B9CD-4F46-B1DE-ED6E593417BF}: NameServer = 168.126.63.1 168.126.63.2
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O23 - Service: Ahnlab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: ViRobot for WinNT™ Folder Protect (HFACSVC) - hauri - C:\Program Files\HAURI\ViRobot Desktop 5.0\AccessControl\HFACSvc.exe
O23 - Service: Hauri Common Service (hsvcmod) - Unknown owner - C:\Program Files\HAURI\Common\hsvcmod.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NetDrive Service (ndsvc) - 솔루션박스 - C:\Program Files\Netomi\Netdrive Service\ndsvc.exe
O23 - Service: nPCom Service nProtect (nPComSVC) - INCA - C:\WINDOWS\system32\nPComSVC.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Hauri Firewall (vrfwsvc) - HAURI - C:\Program Files\HAURI\ViRobot Desktop 5.0\PCFirewall\vrfwsvc.exe
O23 - Service: ViRobot Desktop Monitoring (vrmonsvc) - HAURI - C:\Program Files\HAURI\Common\Base\vrmonsvc.exe

--
End of file - 27940 bytes
------------------------------------------------------------------------------------------------------------------------------------------
This is the BitDefender log:

BitDefender Online Scanner
Scan report generated at: Sun, Jul 22, 2007 - 14:32:59
Scan path: C:\;

Statistics

Time 00:30:22

Files 182564

Folders 3552

Boot Sectors 2

Archives 7073

Packed Files 6578

Results

Identified Viruses 4

Infected Files 5

Suspect Files 0

Warnings 0

Disinfected 0

Deleted Files 4

Engines Info
Virus Definitions 639859
Engine build AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1
Scan Settings
First Action Prompt
Second Action None
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File
Status

C:\System Volume Information\_restore{35E27D7C-7667-42D5-A045-7BBA72CAD6F2}\RP316\A0119348.exe
Infected with: Trojan.Downloader.BSA

C:\System Volume Information\_restore{35E27D7C-7667-42D5-A045-7BBA72CAD6F2}\RP316\A0119348.exe
Deleted

C:\WINDOWS\Downloaded Program Files\PrintManager_1207.exe=>(CAB Sfx o)=>\instafp.exe
Infected with: Trojan.Downloader.BSA

C:\WINDOWS\Downloaded Program Files\PrintManager_1207.exe=>(CAB Sfx o)=>\instafp.exe
Deleted

C:\WINDOWS\Downloaded Program Files\PrintManager_1207.exe=>(CAB Sfx o)
Update failed

C:\WINDOWS\system32\ActiveScan\pskahk.dll
Infected with: Generic.Malware.SIMDWYNVdprn.D9407F4E

C:\WINDOWS\system32\ActiveScan\pskahk.dll
Disinfection failed

C:\WINDOWS\system32\inisign2.dll
Infected with: Trojan.Dldr.Agent.AET

C:\WINDOWS\system32\inisign2.dll
Deleted

C:\WINDOWS\system32\xmaninf.exe
Infected with: Trojan.Dloader.AEV

C:\WINDOWS\system32\xmaninf.exe
Deleted

#2 nasdaq


Posted 26 July 2007 - 10:37 AM

Hello,

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Do you know what this .dll file is from?
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
Please look at the properties and let me know if you installed this program.
*/*

I need more information of this file also.

c:\program files\cretool\securitymgr.exe
What is it?

To play safe I would appreciate if you would submit the files in bold to the following link for a scan, then post the results in your next message for me to see.
http://virusscan.jotti.org/

If you are sure that the items I have identified for removal are good, ignore them.

Please set your system to show all files;
To delete the files/folders in the next steps, you may need to show hidden Files/Folders: How to.
At the end of the fix you can return the files to hidden status if you want.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: OTSI Class - {85CC6BFF-5A5C-4A76-8FC8-DB0787DF1597} - c:\program files\cretool\ots.dll
O3 - Toolbar: 시큐리티 툴 - {E74BC74F-F470-4AD7-9FB4-1A4170A06082} - c:\program files\cretool\otwiz.dll
O9 - Extra button: 현금리워드 - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing)
O9 - Extra 'Tools' menuitem: 시큐리티툴 현금돌려받기 적립금보기 - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing)
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote.../lgcard/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprote...npkcx_vista.cab


Click on Fix Checked when finished and exit HijackThis.

Delete these files if not from a known program.

c:\program files\cretool\ots.dll
c:\program files\cretool\otwiz.dll

Restart the computer normally.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version. <- important.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Submit a fresh HijackThis log and let me know what problem remains.
nasdaq


========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
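
A way to pull entries like the ones listed in the reply above out of a long HijackThis log, as an added example that is not part of the original thread and not HijackThis's own code. It parses the `code - kind: ...` line format seen in the log, then lists entries whose file sits under a chosen directory or carries the `(file missing)` marker, and CLSIDs referenced by more than one entry. The function names are hypothetical and the sample lines are a subset copied from the first log in this thread.

```python
import re
from collections import defaultdict

# A subset of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: OTSI Class - {85CC6BFF-5A5C-4A76-8FC8-DB0787DF1597} - c:\program files\cretool\ots.dll
O2 - BHO: NoPhishing - {D3B071BE-7C15-43f6-8348-01EFC6092591} - C:\Progra~1\SoftRun\NoPhishing\NoPhishing.dll
O3 - Toolbar: 시큐리티 툴 - {E74BC74F-F470-4AD7-9FB4-1A4170A06082} - c:\program files\cretool\otwiz.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: 현금리워드 - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing)
O9 - Extra 'Tools' menuitem: 시큐리티툴 현금돌려받기 적립금보기 - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing)
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote.../lgcard/npx.cab
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O23 - Service: Hauri Common Service (hsvcmod) - Unknown owner - C:\Program Files\HAURI\Common\hsvcmod.exe
"""

# "<section code> - <entry kind>: <rest>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_entries(text):
    """Turn HijackThis entry lines into dicts; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        body = m.group("body")
        # The file or URL is the last " - " separated field of the entry.
        target = body.rsplit(" - ", 1)[-1].strip()
        missing = target.endswith(MISSING)
        if missing:
            target = target[: -len(MISSING)].strip()
        # O4 autoruns look like "[ValueName] command line".
        if m.group("code") == "O4" and target.startswith("["):
            target = target.split("] ", 1)[-1]
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "kind": m.group("kind"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "target": target.strip('"'),
            "missing": missing,
            "line": line,
        })
    return entries


def flag_entries(entries, watch_dirs):
    """Return (entry, reasons) pairs. A flag is a prompt for manual review,
    not a verdict that the entry is malicious."""
    dirs = [d.lower().rstrip("\\") + "\\" for d in watch_dirs]
    flagged = []
    for e in entries:
        reasons = []
        if any(e["target"].lower().startswith(d) for d in dirs):
            reasons.append("under watched directory")
        if e["missing"]:
            reasons.append("file missing")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def group_by_clsid(entries):
    """Map each CLSID used by more than one entry to the section codes using it."""
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[e["clsid"]].append(e["code"])
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for entry, reasons in flag_entries(parsed, [r"c:\program files\cretool"]):
        print(f'{entry["code"]:>3}  {", ".join(reasons):<40}  {entry["target"]}')
    for clsid, codes in group_by_clsid(parsed).items():
        print(f"{clsid} referenced by {codes}")
```
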

#3 icenerve


Posted 30 July 2007 - 11:16 PM

Thank you very much. Here is what I did:

Do you know what this .dll file is from?
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
Please look at the properties and let me know if you installed this program.
*/*

This is from a program called "Ad-Spider" which has been causing problems in Korea recently. I deleted this.

I need more information of this file also.

c:\program files\cretool\securitymgr.exe
What is it?

I don't know what my dad did while I was away, but I cannot find this file nor the "cretool" folder anymore.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: OTSI Class - {85CC6BFF-5A5C-4A76-8FC8-DB0787DF1597} - c:\program files\cretool\ots.dll
- not found

O3 - Toolbar: ???? ? - {E74BC74F-F470-4AD7-9FB4-1A4170A06082} - c:\program files\cretool\otwiz.dll
- not found

O9 - Extra button: ????? - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing)
- not found

O9 - Extra 'Tools' menuitem: ????? ?????? ????? - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing) - not found

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprote.../lgcard/npx.cab
- this probably has something to do with Internet banking, but I fixed it anyway. It can be downloaded again if needed.

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprote...npkcx_vista.cab
- this probably has something to do with Internet banking, but I fixed it anyway. It can be downloaded again if needed.

Click on Fix Checked when finished and exit HijackThis.

Delete these files if not from a known program.

c:\program files\cretool\ots.dll
c:\program files\cretool\otwiz.dll - these files cannot be found anymore.


I have installed the latest version of Java.

Latest HijackThis Log is below. My dad reports that many problems have ceased. I think we should wait a bit more, see what happens.

Thank you very much again.

-------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 1:14:55, on 2007-07-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\HAURI\Common\hsvcmod.exe
C:\Program Files\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nPComSVC.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HAURI\Common\Base\vrmonsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiVirus\hrres.exe
C:\Program Files\HAURI\Common\Base\VRMONNT.EXE
C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office\1042\OLFSNT40.EXE
C:\Program Files\HAURI\ViRobot Desktop 5.0\PCFirewall\vrfwsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: NoPhishing - {D3B071BE-7C15-43f6-8348-01EFC6092591} - C:\Progra~1\SoftRun\NoPhishing\NoPhishing.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [HAURI Update] C:\Program Files\HAURI\ViRobot Desktop 5.0\HUpdate.EXE 1
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiVirus\hrres.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\HAURI\Common\Base\VRMONNT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HEProtect] C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: i-Nav 도움말 - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-...pport/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav 도움말 - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-...pport/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav 옵션 - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.netian.com
O15 - Trusted Zone: http://*.egov.go.kr
O15 - Trusted Zone: http://*.inicis.com
O15 - Trusted Zone: http://www.iros.go.kr
O15 - Trusted Zone: http://*.scfirstbank.com
O15 - Trusted Zone: http://*.shinhan.com
O15 - Trusted Zone: http://*.shinhancard.com
O15 - Trusted Zone: http://*.vpay.co.kr
O16 - DPF: {008BBE7E-C096-11D0-B4E3-00A0C901D681} (TeeChart Pro Activex control) - http://www.etfs.co.k...fo/teechart.cab
O16 - DPF: {02462839-DC8E-4CD4-9475-FB901A2FB703} (Checker.Certifier) - http://eminwon.yongi...cab/Checker.CAB
O16 - DPF: {02FE7E8D-9DBD-4F77-8824-26C45D56CA9A} (CHZERO MAP CTRL) - http://gisweb4.chzer...IMAPOCX_WEB.CAB
O16 - DPF: {0365D95C-5061-42AB-B118-EAA3CB956E8E} (MaPrintModule_BCCard Control) - http://www.bccard.co...dule_BCCard.cab
O16 - DPF: {03F49E0E-C43A-4037-BBD6-D681E998A08E} (CodeAx Class) - http://www.nhic.or.k...s/CM_CodeAx.cab
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - http://fx.hauri.net/...iveRobotWeb.cab
O16 - DPF: {086812C8-4A27-4469-8DFA-29CE767BC1D2} (CSuperup.UserControl1) - http://blogfile.para...79_Superpop.cab
O16 - DPF: {08AC405D-A4A0-448B-8AAF-9D2903CC4A51} (EmpasSM Control) - http://im.emimg.com/...bin/empassm.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn...oolkitForIE.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} (WebPriKRX Control) - http://www.krx.co.kr.../WebPri_KRX.cab
O16 - DPF: {1103224F-7567-4EF7-BE8D-EB40BA0039A2} (MailViewObj Class) - http://203.244.122.1...ungFnDotCom.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.epostbank...criptx/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} - file://C:\eFriend\Branch\MiPlatform_Updater320-20070322_1833.cab
O16 - DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} (checkVerX Control) - http://download.hts....ab/checkVer.cab
O16 - DPF: {1A6B786C-9062-4B2F-BD76-AD4653FF480E} (Club5678 Update Control) - https://secure.club5...ex/ClubCtrl.cab
O16 - DPF: {1B5EE264-CCAB-48A4-B8DA-04D4BB004CC3} (CyMiInstaller310 Class) - http://wts.bestez.co...0L-20060714.cab
O16 - DPF: {1C0933A3-6E7D-4877-98ED-420584F023AB} (WordConvert Control) - http://www.seri.org/...WordConvert.cab
O16 - DPF: {1C8143AB-92ED-4C3C-A641-B5664530ED9F} (IPRTCrsIgmPrintX Control) - http://www.iros.go.k...rsIgmPrintX.cab
O16 - DPF: {1CD4FAEE-09F6-4B77-8A49-EF2A9EBC8D46} (RSUpCtrl Control) - http://210.96.162.143/cab/rsupctrl.cab
O16 - DPF: {1D4FC3AF-3253-43A4-B346-5D1198D1EB8E} (CINIWebPlus Class) - http://img.shinhan.c...ISWebPlus10.cab
O16 - DPF: {1E3635D7-76FF-4660-8DD7-9ADB5FA29EA3} (UpdateComponent.MainClass) - http://portal.cdi.co...teComponent.CAB
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} (XacsPop Control) - http://mpi.dacom.net...js/xmpi2007.cab
O16 - DPF: {219C6039-E795-43D9-B6F4-D94E12E75204} (GoodiWActive Control) - http://www.goodi.com...oodiWActive.cab
O16 - DPF: {25A62CCB-3467-4AA6-AB5E-92C2E0C4B19D} (CDEVGRID Control) - http://www.krx.co.kr...bPonentGrid.CAB
O16 - DPF: {26C80095-BB0C-45B5-AC77-94302CE370AB} (IntraMap2DXMTIS Control) - http://152.99.129.12...aMap2DXMTIS.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://img.shinhan.c...down/INIS60.cab
O16 - DPF: {293834C7-05B9-418C-A7DC-B59B08C8716C} (IntraMap2DXSeBIS Control) - http://210.96.13.88/...Map2DXSeBIS.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - http://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2C68D4E4-F2BD-4880-A868-4C2AE0762306} (XInstall.Main) - http://mybank.kiupba...ab/xinstall.cab
O16 - DPF: {2F42C75A-D433-4D03-B351-73809BA36E2C} (rxCert.Viewer) - http://mybank.kiupba.../cab/rxcert.cab
O16 - DPF: {3171E07B-4FE8-4106-9958-F1487308AD25} (RegistryAdd.frmUsrControl) - https://www.egov.go.kr/RegistryAdd.CAB
O16 - DPF: {317642DD-AF52-11D4-BC2A-0050DA8AEE6F} (FileMng Control) - http://www.nhic.or.k...les/FileWiz.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....reScannerV2.ocx
O16 - DPF: {325A2282-C738-4265-B43D-587926879609} (TrustedZone Control) - http://www.iros.go.k...tedZoneCtrl.cab
O16 - DPF: {32CE8465-2D18-4AEE-9098-837844E6E926} (OcxChart Control) - http://version.edail...RT/OcxChart.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yaho...ponent/MBox.cab
O16 - DPF: {39A32A43-9D99-43E9-B0C9-D01BFF3C115B} (PrintManager Control) - http://image.shinhan...rintManager.exe
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://banking.nongh.../scsk/scsk4.cab
O16 - DPF: {3A3DE2B1-6B19-4B5E-A054-1E939FD531D3} (CoreActiveX Class) - http://do.iros.go.kr...nload/CoreX.cab
O16 - DPF: {3A90D051-E921-4741-8288-D1B6747A8A51} (Yessign5 Control) - http://www.giro.or.k...ab/yessign5.cab
O16 - DPF: {3AF361E6-26F5-4EAB-A869-56E9FD3AF8BF} (KSCDATA Control) - http://datamall.kosc...eXDataChart.cab
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} (MagicLoaderX Class) - http://www.hira.or.k...agicLoaderX.cab
O16 - DPF: {3DAE9C86-4D54-4D33-A82D-E4F9150E2D86} (NateOnMMSAtx2 Class) - http://viewsms.nate....teOnMMS_AX2.cab
O16 - DPF: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} (XGrid Control) - http://mybank.ibk.co...iupPSNXGrid.cab
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://ecos.bok.or.kr/fpSpr60.cab
O16 - DPF: {46681002-27E5-4759-8200-E7097D1C3CDD} (SKCrypAX Control) - http://img.emart.co....cx/SKCrypAX.cab
O16 - DPF: {4812232C-91F1-49ED-A6D4-A2C1ED562C5F} (AxKSignCC Class) - http://corp.bccard.c...AxCrossCert.cab
O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://download.empa...mpasFilebox.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net..._XPayMPIOCX.cab
O16 - DPF: {50203813-08C7-4C9B-9281-39D888C6A11E} (GNCtrl.GraphCtl) - http://www.seiak.co....Info/GNCtrl.CAB
O16 - DPF: {50640DA2-6367-400D-9B77-18F6969F1D47} (WebPriKTF Control) - http://www.ktfmember.../WebPri_KTF.cab
O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} (Printmade Control) - http://img.shinhan.c...t/Printmade.cab
O16 - DPF: {55218724-9E0F-4A9A-858C-B5E6F5A9C65F} (Idefense Control) - http://kings.cachene...30/idefense.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5586077A-2041-4710-8F2E-0D5060D0378D} (Kdfense Control) - http://kings.cachene...215/kdfense.cab
O16 - DPF: {56C13C6F-9A84-4287-920A-513F1184C250} (SaferCrypto Control) - http://www.lotte.com...SaferCrypto.cab
O16 - DPF: {5778DCAB-19D2-48A5-BB8B-669AE7012555} (AnyChart Control) - http://fisis.fss.or....cx/AnyChart.CAB
O16 - DPF: {5797A411-BD4D-4896-9A89-415A902430B6} (eKSys SmartMapGX SDK 3.0) - http://map.roadi.com.../SmartMapGX.cab
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.korne...peedNewCtrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://app.ipop.co.k...web/gogsweb.cab
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn...19/kdfense7.cab
O16 - DPF: {5EFC2B83-363F-4EE9-AB48-53F8500E7C5E} (CDEVGRID Control) - http://fisis.fss.or....IFSSKAOGRID.CAB
O16 - DPF: {63DD8DD9-6C39-4FF7-AE26-D495A52790F9} (ZeroChart Control) - http://211.234.113.176/ZeroChart.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103270994140
O16 - DPF: {64C69494-72B7-4124-B6A1-BDA36DC39610} (WebDeskDHTML Control) - http://www.truefrien...ebDeskDHTML.cab
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://ahnlabdownloa.../cab/AhnASP.cab
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://ec2.kicc.co.k...L/EasyPlugX.cab
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} (ProWorksGrid Control) - http://img.shinhan.c...orksGrid_78.cab
O16 - DPF: {682D583F-791C-4934-A9BF-BD9B3831E87B} (ifLGPrinting Control) - http://www.wooriwm.c...LG_Printing.cab
O16 - DPF: {688273E1-17AC-47F5-AB63-7D59B44D191E} (maRhttp Control) - http://www.miraeasse...tiveTrading.cab
O16 - DPF: {6ACE5675-7EE8-49CF-B550-933B6C8B05C2} (TickerBar Control) - http://trade.wooriwm...onWebTicker.cab
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - https://www.shinhanc...INIplugin40.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://gcc.nefficien...ro/CKKeyPro.cab
O16 - DPF: {6D31D46F-CDAB-4430-9DF2-9ECBB448D811} (GDServiceDll Class) - http://www.hrdkorea.or.kr/GongDan.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.letskt.co...niMasPlugin.cab
O16 - DPF: {7114AB1F-A8FE-4EB8-8AEB-0D0C47E866AD} (MA_POP Class) - http://mpi.dacom.net.../XacsPlugin.cab
O16 - DPF: {73257F5A-A0E3-4904-A64E-CE6D892E404D} (Empas File Upload Control) - http://mail.empas.co...sFileUpload.cab
O16 - DPF: {74A19CB3-36EB-4CC8-AAD0-240CC13686AC} (Checker Class) - http://down.goodgate...n/ggChecker.cab
O16 - DPF: {78B925FA-0C2C-4697-B2B9-1DA76149A15A} (MaPrintModule_LGCard Control) - http://www.lgcard.co...dule_LGCard.cab
O16 - DPF: {78E27FE2-EB04-4008-9979-F7AB2751F7C2} (NPCom Control) - https://updates.npro...c_cwd/nPCom.cab
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.p.../data/imweb.cab
O16 - DPF: {7C65E65F-5ACA-409E-9D44-79AD833919F8} (ExpressViewer Class) - http://download.soft...xei_install.cab
O16 - DPF: {7D57E347-C1E1-48F1-9FFE-5F849BEECB58} (DrawMain Class) - http://www.funddocto...ex/FundWeb1.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://www.ebanking...stall_vista.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...anner371420.cab
O16 - DPF: {7FAB8081-EFAA-447B-B64D-8048C6D6914B} (Sundo_ZaolMapKTClient Control) - http://kr.traffic.ya...Client.1010.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://www.bestez.co...ISSACWebSE2.cab
O16 - DPF: {857BAFDB-41FC-4A02-86D9-78B884AF6437} (mkdiniswCtrl Class) - http://ahnlabdownloa...ab/mkdinisw.cab
O16 - DPF: {87150955-C8C8-4693-B8E3-69E9B4EC23EC} (Yessign5 CMP Control) - http://www.yessign.o...rt5/yesCMP5.cab
O16 - DPF: {8A5BFC47-B365-4312-A8C4-32E0479EFCAA} (TPMSX Control) - http://www.shinyoung...ebStockTPMS.cab
O16 - DPF: {8FA8D5F7-7CBA-46D4-9568-68D70C5280E8} (NoPhishingX Control) - http://www.nophishin...SH02/SRNPSH.cab
O16 - DPF: {91A6D076-F1AA-44DC-9825-9F7DE41E2398} (WooricyMap Control) - http://map.wooricy.com/WooricyMap.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {95ECBC00-7121-4379-BD64-69B42A0F1123} (MapID Control) - http://www.mapid.net...X/MapID_V15.cab
O16 - DPF: {97745861-F1A6-45B2-8AD1-0C17334550E6} (YahooCabinet Control) - http://img.yahoo.co....ahooCabinet.cab
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - https://secure.kcp.c..._ansimclick.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AEBAA67-8B4D-4884-9EB7-8C6BEA20CE5C} (FileManager Control) - http://www.bestez.co...b/NetEditor.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownloa...yfirewall20.cab
O16 - DPF: {9DD4E0E8-2CED-4064-BF11-DDB2196CEC40} (SOLWeB4SIB Class) - http://www.solomonba.../SOLWeB4SIB.cab
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) - http://download.sign...wsinstaller.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownloa...cab/mkdplus.cab
O16 - DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} (Chzero ZeroMap Update Control) - http://gisweb4.chzer...roMapUpdate.cab
O16 - DPF: {A40EEF5E-54E0-41CE-9638-C7D3806E54A4} (Kcpv3datx Control) - https://secure.kcp.c.../v5/v3dplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.neffici...05/kdfense8.cab
O16 - DPF: {A46A8411-BD4D-4896-9A89-415A902430B6} (SmartMapX Control) - http://www.digital.g...SmartMapXCW.cab
O16 - DPF: {A4C19EB1-204A-4F88-9D2B-17CB37217E9E} (KvpISPd Control) - https://www.vpay.co....es/KVPISPD2.cab
O16 - DPF: {A56A1518-A259-4109-98B3-06A30F09AB1B} (JXMailViewer Control) - http://www.ktfmember...mailActiveX.cab
O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} (IssacWebProCMS Class) - http://pgdownload.lg...CMS_4_2_6_1.cab
O16 - DPF: {AC462D1A-E53E-4973-A30A-AB7E07D3DD2D} (EzCertForClient Control) - http://gcc.nefficien...rtForClient.exe
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} (MagicPass Class) - http://www.hira.or.k.../MagicPassX.cab
O16 - DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} (SignGATE Class) - http://www.epostbank.../AxSignGATE.cab
O16 - DPF: {B45E969D-924F-4C83-ACF3-38CDD115AA2C} (MpiPlugin Class) - http://image.gseshop...sim/ilkactx.cab
O16 - DPF: {B58D4DCD-2884-4241-8B2B-1DCDC1AF55D9} (SYX Control) - http://www.shinyoung...inyoung_WTS.Cab
O16 - DPF: {B6B8968B-F2CE-47C2-B749-E2BA385BB226} (CourtPrintInfo Class) - http://www.iros.go.k...ntInfoCourt.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,2,0
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) - http://download.sign...taller_full.cab
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - http://img.shinhan.c...ineTransfer.cab
O16 - DPF: {C39AB2A8-5089-4E8D-82C7-EB256059B99F} (AuHCBase Control) - http://rcs.bestez.co...er/auHCBase.cab
O16 - DPF: {C5BAFC64-419D-11D4-BE28-0050CE181ABE} (IssacWeb Class) - http://www.billkorea...st/ISSACWeb.cab
O16 - DPF: {C838E9DA-1625-4E14-8B37-C6706B43C423} (IBLeaders IBSheet Control) - http://www.bccard.co...eet/IBSheet.CAB
O16 - DPF: {C9B82549-7BD8-4227-9B37-80B3DCB76A04} (MAWS Class) - http://www.iros.go.k...ws09_scourt.cab
O16 - DPF: {CB817A2F-4C2D-4994-A1B1-36952E9AC181} (MPIPI00 Control) - http://plugin.inicis...mpi/MPIPI00.cab
O16 - DPF: {CF392830-663F-11D5-89EE-000086551DF6} (PS_NTSATL Class) - http://download.hts....file_crypto.cab
O16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) - http://www.giro.or.k...ab/yessign3.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://gcc.nefficien...utComponent.cab
O16 - DPF: {D8D53DE7-35C2-4759-8D0A-C91407CB559E} (WebPonentChart Control) - http://www.krx.co.kr...PonentChart.CAB
O16 - DPF: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} (SCSKEx Control) - http://www.bestez.co...roke/scskex.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://www.congnamul...Map4Asp_V27.cab
O16 - DPF: {DA76E8AE-2E7F-49A8-B5F2-D1C4FF70ECD5} (SamsungMap Control) - http://mapsvc.samsun...sungMap_V21.cab
O16 - DPF: {DAAE5781-528F-40BE-8EF6-F94118A669C1} (PrintManager Control) - http://gcc.nefficien...anager_1213.exe
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprote...06/kiup/npz.cab
O16 - DPF: {DC51671C-E8CB-4710-AFB5-C7A1E967851B} (MKStockChart Control) - http://vip.mk.co.kr/...StockChartX.cab
O16 - DPF: {DCD7F1D9-8E57-45F8-8C0C-4400CD84C8BF} (Imhtml Control) - http://activexdown.p...data/imhtml.cab
O16 - DPF: {DDC05DB7-AE09-4959-8667-C7F0A09648F5} (maRhttp Control) - http://www.miraeasse...iveTrading2.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul...amulMap_V17.cab
O16 - DPF: {E40DEFEA-9133-4374-BB1B-E138DEFFF247} (SOLWeBLiveUpdate Class) - http://www.solomonba...BLiveUpdate.cab
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://pg.banktown....tPmntClient.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://kings.cachene...ar/kdfense9.cab
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://image.shinhan...oTrustSiteX.cab
O16 - DPF: {EC31B24D-0E8C-454D-B23E-4BFD160AF758} (Security.SecurityController) - http://gcc.nefficien...ty-release2.CAB
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.signkorea.com/SKCommAX.cab
O16 - DPF: {ED156B75-7389-412D-B8E7-D7CDDD88CC6D} (IEPostPrinter Control) - http://210.90.8.136:...Printer_DMZ.cab
O16 - DPF: {EDEB4C33-5320-42B3-838C-ADF6A0D2055B} (XA3boxUpDown Control) - http://www.a3box.co....A3boxUpDown.cab
O16 - DPF: {EF7AD460-E1FD-4533-A0B9-C92E48CC798B} (Printmade Control) - http://image.shinhan...s/PrintMade.cab
O16 - DPF: {F0394CA9-134E-4D5B-9587-2E71EDBA9087} (Security.SecurityController) - http://gcc.nefficien...ty-release2.CAB
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhanca...down/INIS50.cab
O16 - DPF: {F3BA46D6-25D6-4A9F-96A8-2E7ED096FAD4} - https://updates.npro...bc/npz_hsbc.cab
O16 - DPF: {F44F0520-8D39-4F6D-9BEF-F5266568C4B0} (AnyTree Control) - http://fisis.fss.or.kr/ocx/AnyTree.CAB
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.ne...ate_XPayMPI.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.c...Vista/GWall.cab
O16 - DPF: {F7BBD0BD-CB3D-40BB-ADC1-85E7D46D0581} (RegKFB Control) - http://www.scfirstba...sses/RegKFB.cab
O16 - DPF: {F9CBD0B7-FEE7-432A-B01F-D6906C63EA1A} (RemoteCall Control) - http://userpc.com/cab/rcax.cab
O16 - DPF: {FA309B66-7778-11D8-A7CA-0020ED52230E} (RPRTRegisterX Control) - http://www.iros.go.k...ntRegisterX.cab
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} (AnsimPlugin Class) - http://image.gseshop...kactx_vista.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77F4E9EF-B9CD-4F46-B1DE-ED6E593417BF}: NameServer = 168.126.63.1 168.126.63.2
O23 - Service: Ahnlab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: ViRobot for WinNT™ Folder Protect (HFACSVC) - hauri - C:\Program Files\HAURI\ViRobot Desktop 5.0\AccessControl\HFACSvc.exe
O23 - Service: Hauri Common Service (hsvcmod) - Unknown owner - C:\Program Files\HAURI\Common\hsvcmod.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe
O23 - Service: NetDrive Service (ndsvc) - 솔루션박스 - C:\Program Files\Netomi\Netdrive Service\ndsvc.exe
O23 - Service: nPCom Service nProtect (nPComSVC) - INCA - C:\WINDOWS\system32\nPComSVC.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Hauri Firewall (vrfwsvc) - HAURI - C:\Program Files\HAURI\ViRobot Desktop 5.0\PCFirewall\vrfwsvc.exe
O23 - Service: ViRobot Desktop Monitoring (vrmonsvc) - HAURI - C:\Program Files\HAURI\Common\Base\vrmonsvc.exe

--
End of file - 27266 bytes
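
The entries walked through in the post above all follow HijackThis's `code - description` line format. As an added example (not part of the original thread and not HijackThis's own code), the Python below parses such lines and lists the ones a helper would ask about: entries marked `(file missing)`, O23 services printed with `Unknown owner`, and anything under a folder being questioned. The sample lines are copied from the logs in this thread; the function and variable names are hypothetical.

```python
import re
from collections import Counter

# A few lines copied from the two HijackThis logs quoted in this thread
# (a sample for the example, not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: OTSI Class - {85CC6BFF-5A5C-4A76-8FC8-DB0787DF1597} - c:\program files\cretool\ots.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ????? - {26DFF40F-9082-4BDE-A703-D994E345C704} - "c:\program files\cretool\OTdm.exe" (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll
O23 - Service: Hauri Common Service (hsvcmod) - Unknown owner - C:\Program Files\HAURI\Common\hsvcmod.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            # HijackThis appends this marker when the referenced file is absent.
            "file_missing": body.rstrip().endswith("(file missing)"),
        })
    return entries


def triage(entries, watch_paths=()):
    """List entries worth a question to the PC's owner, with the reasons.

    A finding is a prompt for review, not a verdict that the entry is bad.
    """
    findings = []
    for entry in entries:
        reasons = []
        if entry["file_missing"]:
            reasons.append("file missing")
        if entry["code"] == "O23" and " - Unknown owner - " in entry["body"]:
            reasons.append("unknown owner")
        lowered = entry["body"].lower()
        for path in watch_paths:
            if path.lower() in lowered:
                reasons.append("watched path: " + path)
        if reasons:
            findings.append((entry["code"], reasons, entry["body"]))
    return findings


def section_counts(entries):
    """Count entries per section code, e.g. how many O16 downloads are listed."""
    return Counter(entry["code"] for entry in entries)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    # The folder the helper asked about in this thread.
    for code, reasons, body in triage(parsed, watch_paths=("\\cretool\\",)):
        print(code, "|", ", ".join(reasons), "|", body)
```
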

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,093 posts

Posted 31 July 2007 - 07:49 AM

Nice work, your log is clean.

Please read this Prevention page with lots of info and tips how to prevent this in the future.
http://users.telenet...prevention.html
nasdaq


#5 icenerve

icenerve

    Member

  • Full Member
  • Pip
  • 17 posts

Posted 01 August 2007 - 10:31 PM

Nice work, your log is clean.

Please read this Prevention page with lots of info and tips how to prevent this in the future.
http://users.telenet...prevention.html


Thank you very much.

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,093 posts

Posted 13 August 2007 - 07:50 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

