Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

need help to remove the "remove toolbar" adware


  • Please log in to reply

#1
sccv

sccv

    New Member

  • Member
  • Pip
  • 2 posts
Hi,

My computer (P3 at 1Ghz, windows 2000) is having a problem with IE browser (ver. 5.5). A toolbar named "remove toolbar" appears on IE browser and a program named WareOut was installed. I have uninstalled WareOut thru Windows Add/Remove Program function but am unable to remove the toolbar "remove toolbar".

I read two threads about this problem in this forum

http://www.geekstogo...opic=60299&st=0

http://www.geekstogo...opic=51763&st=0

and I follow the first one, i.e. I had run Silent Runners, then made a file named fixware.reg and merged to the registry and also run RKFiles.bat to have a log.txt file.

The following texts are log files from Silent Runners, RKFiles and hijackthis.

=============
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
"Yahoo! Pager" = "D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"WareOut" = ""D:\Program Files\WareOut\WareOut.exe"" [file not found]
"ERTYDF" = "porka_.exe" [file not found]
"sysconf16" = "killall.exe" [file not found]
"uio" = "pizda.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"SunJavaUpdateSched" = "D:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe" [null data]
"Zone Labs Client" = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"KAVPersonal50" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"hwiper.exe" = "D:\WINNT\system32\hwiper.exe" [null data]
"Preliminary" = "ssweeper.exe" [file not found]
"lpt" = "newbreed.exe" [file not found]
"dmrgh.exe" = "D:\WINNT\system32\dmrgh.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{08BEC6AA-49FC-4379-3587-4B21E286C19E}\(Default) = "SearchToolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\system32\lvcgn.dll" [null data]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = "IeCatch2 Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "d:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{cff79e04-6987-11d4-b94f-006097975dba}" = "LcdFriendly"
-> {CLSID}\InProcServer32\(Default) = "d:\program files\space international\cdspace 4.1\lcdshell.dll" ["Space International"]
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}" = "NikonView Drop Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Nikon\NkView6\NkvDropExt.dll" ["Nikon Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cshtc.exe" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
LcdFriendly\(Default) = "{cff79e04-6987-11d4-b94f-006097975dba}"
-> {CLSID}\InProcServer32\(Default) = "d:\program files\space international\cdspace 4.1\lcdshell.dll" ["Space International"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "NoBandCustomize"=dword:00000001
[disables toolbar status changes in Internet Explorer|View|Toolbars]
{User Configuration|Administrative Templates|Windows Components|
Internet Explorer|Toolbars|Disable customizing browser toolbars}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\SCCV\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINNT\system32\ssstars.scr" [MS]


Startup items in "SCCV" & "All Users" startup folders:
------------------------------------------------------

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
"LCDPlayer" -> shortcut to: "D:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe" ["Space International, Inc."]
"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"NkvMon.exe" -> shortcut to: "D:\Program Files\Nikon\NkView6\NkvMon.exe" ["Nikon Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "d:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{08BEC6AA-49FC-4379-3587-4B21E286C19E}" = "SearchToolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\system32\lvcgn.dll" [null data]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "d:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{08BEC6AA-49FC-4379-3587-4B21E286C19E}" = "SearchToolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\system32\lvcgn.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "d:\program files\google\googletoolbar2.dll" ["Google Inc."]

"{08BEC6AA-49FC-4379-3587-4B21E286C19E}" = "SearchToolbar"
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\system32\lvcgn.dll" [null data]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "D:\WINNT\system32\msjava.dll" [MS]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll" ["Yahoo! Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{308E7D20-4763-3EFA-11CA-9B28E48CD2CA}" = "atl_helper"
-> {CLSID}\InProcServer32\(Default) = "stuffmon.dll" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

kavsvc, kavsvc, ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
TrueVector Internet Monitor, vsmon, "D:\WINNT\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 42 seconds, including 19 seconds for message boxes)
============================

============ (log.txt)===========

D:\Documents and Settings\SCCV\Desktop

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
D:\WINNT\system32\bndmod.exe: UPX!
D:\WINNT\system32\hlmicro.exe: UPX!
D:\WINNT\system32\MACDec.dll: UPX!
D:\WINNT\system32\MonkeySource.ax: UPX!

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
Finished
bye
===========================

=======HijackThis v1.99.1===========
Logfile of HijackThis v1.99.1
Scan saved at 2:42:09 PM, on 9/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\internat.exe
D:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe
D:\Program Files\Nikon\NkView6\NkvMon.exe
D:\WINNT\system32\ZoneLabs\vsmon.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINNT\system32\taskmgr.exe
D:\WINNT\system32\NOTEPAD.EXE
D:\Documents and Settings\SCCV\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.60.21.4:80
R3 - URLSearchHook: (no name) - {308E7D20-4763-3EFA-11CA-9B28E48CD2CA} - stuffmon.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINNT\system32\lvcgn.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - D:\WINNT\system32\lvcgn.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [hwiper.exe] D:\WINNT\system32\hwiper.exe
O4 - HKLM\..\Run: [Preliminary] ssweeper.exe
O4 - HKLM\..\Run: [lpt] newbreed.exe
O4 - HKLM\..\Run: [dmexw.exe] D:\WINNT\system32\dmexw.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [WareOut] "D:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [ERTYDF] porka_.exe
O4 - HKCU\..\Run: [sysconf16] killall.exe
O4 - HKCU\..\Run: [uio] pizda.exe
O4 - Global Startup: LCDPlayer.lnk = D:\Program Files\SPACE INTERNATIONAL\CDSpace 4.1\LCDPlyer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B01793-E086-4764-950C-DBE2364FEB41} (QMSforAll Control) - http://myspeed.hanar...b/qmsforall.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com...eetnoagent7.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {2A8C9C77-DA27-4D81-BBC9-873A892CEE38} (IMAPControler Control) - http://www.chzero.co...IMAPOCX_WEB.CAB
O16 - DPF: {309A42C6-4114-11D4-AF7B-30A024C32DBA} (Report Designer 3.0 Control) - http://ekist.kist.re.../rdviewer30.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://pib.wooribank...s/bio/scsk4.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123215234765
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://pib.wooribank.../xw_install.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.ebsi.co.k...eX/SLViewer.CAB
O16 - DPF: {95ECBC00-7121-4379-BD64-69B42A0F1123} (MapID Control) - http://www.mapid.net...X/MapID_V15.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A2A4336A-E49E-44E8-B152-E98E841CFA24} (Update Control) - http://www.chzero.co...roMapUpdate.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://asp.congnamul...Map4Asp_V19.cab
O16 - DPF: {E0BF7A2B-2F7C-497A-B50F-292D3F317965} (CongnamulMap Control) - http://www.congnamul...amulMap_V14.cab
O16 - DPF: {E1AC9563-A1E3-45B8-A5CE-5C19E34EC6AC} (ComTop Class) - http://www.arirang.c...X/ArirangTv.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0254005B-BA60-4F71-814D-103152E7E760}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{337EF562-65A6-44B1-A3FB-D8B808C6A797}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{74D1840E-716D-4537-966E-F1BF8FB4DF80}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E94F3D-90A5-4F79-87C9-0F4511CF232E}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{97494E22-A1E6-4E01-8ADB-DE692F08B37F}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{E40572E4-CB60-48EC-B181-632A7C084DD3}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{F12AEC86-86BF-4D5E-AFDA-F33B6BFCF803}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{0254005B-BA60-4F71-814D-103152E7E760}: NameServer = 69.50.168.140,85.255.112.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{0254005B-BA60-4F71-814D-103152E7E760}: NameServer = 69.50.168.140,85.255.112.21
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINNT\system32\ZoneLabs\vsmon.exe

======================

Please have a look at it and guide me to solve the problem. Thanks.
  • 0

Advertisements


#2
sccv

sccv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Sorry, I put this topic in wrong place. Please help me to move it to forum "Malware Removal - HiJackThis Logs Go Here". Thank.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP