
log file can't tell which to remove

I don't see any omegasearch word in the log.
My best guess is that the word "Biaswarn" must be the toolbar part of omegasearch. Am I right?

Also, this log is from the Korean version of XP.

Logfile of HijackThis v1.97.7
Scan saved at 오후 2:36:49, on 2004-05-08
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RealVNC\WinVNC\winvnc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\saintican.ICAN\바탕 화면\Hijack\HijackThis.exe

R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EBD945B9-EFFA-28DA-BD70-31CC13EC89A8} - C:\PROGRA~1\FASTDR~1\Date Size.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\Ahnlab\V3\V3Bar.dll
O3 - Toolbar: ????? - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\NHN\NaverJump\NaverJump_1_9_0_11.dll
O3 - Toolbar: Biaswarn - {7AE76415-211A-6E82-2E56-D5E4C001F274} - C:\PROGRA~1\FASTDR~1\Date Size.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C:\WINDOWS\System32\conimekr.exe] conimekr
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [conimekr] C:\WINDOWS\System32\conimekr.exe
O4 - HKLM\..\Run: [msadtech] C:\WINDOWS\System32\MsAdTech.exe
O4 - HKLM\..\Run: [balm math] C:\PROGRA~1\BOOKST~1\chicprogram.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NATE ON 2.0] C:\Program Files\NATEON\BIN\NATEON.exe -as
O4 - Startup: ntuser.dat
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Startup: plugin131.trace
O4 - Startup: ~
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 백과사전 검색 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_0_11.dll /S100.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_0_11.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_0_11.dll /JKTRANS.HTML
O8 - Extra context menu item: 네이버 지식iN 검색 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_0_11.dll /KBIN.HTML
O8 - Extra context menu item: 네이버 통합 검색 - res://C:\Program Files\NHN\NaverJump\NaverJump_1_9_0_11.dll /SEARCH.HTML
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {06228E75-DEB1-11D3-B702-00001CD5DA14} (AxINIplugin20 Control) - http://www.hanbill.com/initech/client/axINIplugin20.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} - http://cab.terebi.co.kr:8080/MyLinker.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14399F4E-7698-468C-B988-66486085A306} (HgbLauncher Class) - http://down.hangame.com/iservice/messenger/inst/ver1011/launcher.cab
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} (CfClient Class) - http://www.iloveschool.co.kr/cfcli.cab
O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.livecall.co.kr/pds/module/livecall.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {2D394D05-A066-4678-BA38-E85882B09B2E} (Controller Class) - http://www.cosmotan.com/cabinet/myspeed.cab
O16 - DPF: {32B1CE68-43D9-4D06-8BE9-418F0B94B46A} (Nowpds Control) - http://www.nownuri.net/component/pds/Nowpds.cab
O16 - DPF: {32E4889E-57F2-43B0-AB89-E7782D0F698F} (HardmoaX Class) - http://www.hardmoa.com/moaexplorer/cab/1,0,0,5/hardmoax.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.icons.com.ne.kr/easyinstall/ocx/ver1003/NeoworkInstall.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK3 Control) - http://www.wooribank.com/bio/SCSK4.cab
O16 - DPF: {3D44DAFC-FB1C-43B0-B7AB-0F68ACC07A7B} (FCaller Control) - http://211.233.17.80/FingerPaymentSystem/ocx/FCaller0430.cab
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.mgisoft.com/ActiveX/LPControl.cab
O16 - DPF: {40DAE6B0-A936-4FA4-A69D-5AFBDFC6CCFF} (DaumQueueLauncher Class) - http://appupdate.popfolder.co.kr/download/DaumQAx.cab
O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
O16 - DPF: {51C85B75-6530-42CB-8F76-13BF0EA64271} (NJUpdateControl Class) - http://218.153.6.132/NJUpdCtl33.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (Nhnplayer Control) - http://down.hangame.com/iservice/chat/NHNPlayer/nhnplayerx.cab
O16 - DPF: {5B956BA9-ABFF-4EF4-B61F-19E88DCCFFC9} (eCredit CardNo) - http://pg.dacom.net/mert/pg/mcard.cab
O16 - DPF: {5CBED04F-42E6-4BEC-A087-C20012B6308B} (SCLiveUp Class) - http://cash.nate.com/NeSignLU.cab
O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} (BugsPlay Control) - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://www.yescard.co.kr/initech/plugin/axINIplugin40.cab
O16 - DPF: {6D072F11-F35C-49CE-AAC1-F4FB876E8C74} (ScudAgent Control) - http://lwk0907.cafe24.com/ScudAgent.cab
O16 - DPF: {71856E76-E326-4825-BFD2-534D9545A414} (MakeProc Class) - http://www.gsnu.ac.kr:9999/modules/jonghap/mproc.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/XecureObject/XecureWeb/xw_install.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://pg.dacom.net/penta/ISSACWebSE2.cab
O16 - DPF: {89E2750F-B892-476F-A1C3-63ED47BCAC9D} (Webibiz Control) - http://www.meetstudy.com/msgr/install/ibiz/Liveclass/Webibiz.cab
O16 - DPF: {8FA141C5-29D7-4408-A57B-619C463ED7BB} (Cychannel_Club1_10.UserControl1) - http://club00.cyworld.com/cychannel_club/Cychannel_Clubmain1_11.CAB
O16 - DPF: {920AB56F-933F-4469-A779-E228554CBDA2} (FcCommCtrl.PDSDropBox) - http://home.freechal.com/etc/FcActivePackage/FcCommCtrl/FcCommCtrl.CAB
O16 - DPF: {956C9F5B-0EEB-41B5-9D7B-FAD968AF9469} (HanGamePlugin13 Class) - http://down.hangame.com/dist/activex/HanGamePlugin13.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl203.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {98930E59-5BF8-4700-B79D-0BC3F882528E} (like Class) - http://www.nownuri.net/component/session/session.cab
O16 - DPF: {9A19966F-AE0E-4699-8CCE-9B6F5F1C352C} (NPKXSite Control) - http://211.172.247.223/nprotect/npkx/npkxsite.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
O16 - DPF: {A4EBE86D-6737-4076-AB7E-F5FBE337AE68} (IdiskLauncher Control) - http://idisk.megapass.net/web/IdiskLauncher.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {BACC7426-420C-4EDC-A1E6-8AF9B418290B} (ALDownX Control) - http://www.altools.com/ALDownXControl.cab
O16 - DPF: {BE068095-EEF1-485C-AA1B-288860ACFAED} (INIwallet00 Control) - http://plugin.inicis.com/INIwallet00.cab
O16 - DPF: {C320CD4A-7977-4FD2-BBB7-9E6CC61837C5} (INIwallet01 Control) - http://plugin.inicis.com/INIwallet01.cab
O16 - DPF: {C3D90D16-DEA2-4C12-9FF7-C163C58426FA} (XME32 Class) - http://www.roadi.com/templates/me2000.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
O16 - DPF: {D0E2D4C6-F65D-4967-A22C-BB0C6245A631} (HanafosDN Control) - http://bin.hanafos.com/HanafosDN/HanafosDN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) - http://www.giro.or.kr/yessign/cab/yessign3.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Touch.cab
O16 - DPF: {DBCEFBFE-B49D-4D6C-B024-FE1903C0366E} (XBTSessionManager Control) - http://login.bugsmusic.co.kr/reg/cab/XBTSessionManager.CAB
O16 - DPF: {DDB71FEC-1FAF-439D-AAF9-C27E46C8B44C} (PiaExplorer Control) - http://www.filepia.com/sub/piafolder/down/PiaExplorer.cab
O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F91FAD8-9112-4DE3-8DFF-6ED1843A427C}: NameServer = 165.132.10.21,165.132.10.41
O17 - HKLM\System\CS1\Services\Tcpip\..\{2F91FAD8-9112-4DE3-8DFF-6ED1843A427C}: NameServer = 165.132.10.21,165.132.10.41
O17 - HKLM\System\CS2\Services\Tcpip\..\{2F91FAD8-9112-4DE3-8DFF-6ED1843A427C}: NameServer = 165.132.10.21,165.132.10.41

Comments

  • mondimondi Icrontian
    edited May 2004
    and somehow my post never got through, anyway:

    get rid of the following:

    R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
    O2 - BHO: (no name) - {EBD945B9-EFFA-28DA-BD70-31CC13EC89A8} - C:\PROGRA~1\FASTDR~1\Date Size.dll
    O3 - Toolbar: Biaswarn - {7AE76415-211A-6E82-2E56-D5E4C001F274} - C:\PROGRA~1\FASTDR~1\Date Size.dll

    O4 - HKLM\..\Run: [C:\WINDOWS\System32\conimekr.exe] conimekr
    O4 - HKLM\..\Run: [conimekr] C:\WINDOWS\System32\conimekr.exe
    O4 - HKLM\..\Run: [msadtech] C:\WINDOWS\System32\MsAdTech.exe
    O4 - HKLM\..\Run: [balm math] C:\PROGRA~1\BOOKST~1\chicprogram.exe

    O4 - Startup: ntuser.dat
    O4 - Startup: NTUSER.DAT.LOG
    O4 - Startup: ntuser.ini
    O4 - Startup: plugin131.trace
    O4 - Startup: ~

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2F91FAD8-9112-4DE3-8DFF-6ED1843A427C}: NameServer = 165.132.10.21,165.132.10.41
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2F91FAD8-9112-4DE3-8DFF-6ED1843A427C}: NameServer = 165.132.10.21,165.132.10.41
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2F91FAD8-9112-4DE3-8DFF-6ED1843A427C}: NameServer = 165.132.10.21,165.132.10.41

    There's some stuff that, because I understand no Korean whatsoever, I'm unsure of as to whether you should get rid of, so... get rid of these first and if the problem persists then post a new log and we'll go through it step by step.

    Also: you have a lot of entries in there at the end that I'm not sure you need/want. I'd go through and check that you still use the programs/websites referenced and get rid of them if not...

    m
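A small triage script, added here as an example and not part of this thread or of HijackThis itself, that parses lines in the HijackThis log format and flags the structural patterns behind the entries the reply above lists: a hook whose target is "(no file)", one DLL registered under more than one IE hook (O2/O3), the same executable registered under two Run values, and profile files (ntuser.*, ~) sitting in the Startup folder. The heuristics and the sample lines are my own constructed choices, and the script deliberately does not judge the O17 NameServer entries, which depend on knowing the machine's legitimate DNS servers.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EBD945B9-EFFA-28DA-BD70-31CC13EC89A8} - C:\PROGRA~1\FASTDR~1\Date Size.dll
O3 - Toolbar: Biaswarn - {7AE76415-211A-6E82-2E56-D5E4C001F274} - C:\PROGRA~1\FASTDR~1\Date Size.dll
O4 - HKLM\..\Run: [C:\WINDOWS\System32\conimekr.exe] conimekr
O4 - HKLM\..\Run: [conimekr] C:\WINDOWS\System32\conimekr.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - Startup: ntuser.dat
O4 - Startup: ~
"""

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")               # section code, body
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(.*)\] (.*)$")  # value name, command

def stem(s):
    """Lowercase executable name without path, quotes, arguments or extension."""
    s = s.strip()
    s = s[1:].split('"', 1)[0] if s.startswith('"') else s.split(" ", 1)[0]
    s = s.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return re.sub(r"\.(exe|dll|ocx)$", "", s)

def triage(log_text):
    """Return [(reason, line)] for entries matching the heuristics (my own) used in this thread."""
    findings, by_target, by_stem = [], defaultdict(list), defaultdict(set)
    for raw in log_text.splitlines():
        if not (m := LINE_RE.match(raw.strip())):
            continue
        sec, body, line = m.group(1), m.group(2), m.group(0)
        if body.endswith("(no file)"):                      # hook whose target no longer exists
            findings.append(("orphaned hook, target file missing", line))
        elif sec in ("O2", "O3"):                           # group BHOs/toolbars by their DLL
            by_target[body.rsplit(" - ", 1)[-1].lower()].append(line)
        elif sec == "O4" and (run := RUN_RE.match(body)):   # group Run values by executable
            for key in (stem(run.group(1)), stem(run.group(2))):
                by_stem[key].add(line)
        elif sec == "O4" and body.startswith("Startup: "):
            name = body[len("Startup: "):].lower()
            if name.startswith("ntuser.") or name == "~":   # profile files do not belong in Startup
                findings.append(("profile file in Startup folder", line))
    for lines in by_target.values():
        if len(lines) > 1:
            findings += [("same DLL under more than one IE hook", l) for l in lines]
    dup = set().union(*[l for l in by_stem.values() if len(l) > 1])
    findings += [("same executable under two Run values", l) for l in sorted(dup)]
    return findings
```

Running `triage(SAMPLE_LOG)` returns the seven flagged lines with their reasons; the Acrobat BHO and the InCD Run entry are left alone because nothing structural singles them out.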