CastleCops, Internet Crime Fighters

Fastwebfinder.com problem..

 
Dogfur

Guest
IP: 219.251.*.*






Posted: Sun Nov 16, 2003 12:55 pm    Post subject: Fastwebfinder.com problem..

Hi, I'm also new to this site.
I was trying to solve this Fastwebfinder problem myself but failed :(
So I found this site on Google, need some help please..
Here's my log.
I'm using a 2-byte character (Korean) system,
so you may not be able to read some words, sorry for this!
(ietoy.exe & Ahnsdsv.exe are kind of safe programs.)
Please help!




Logfile of HijackThis v1.97.6
Scan saved at ¿ÀÈÄ 9:59:08, on 2003-11-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\program files\ie toy\ietoy.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Dogfur_2\¹ÙÅÁ È­¸é\HijackThis.exe

O2 - BHO: (no name) - {234CFBE7-DD40-4694-B3BF-0C6479AED177} - C:\Program Files\IE Toy\ietoy.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ????? - {5D9CE7FD-8ACF-498E-9D42-159C9B404641} - C:\Program Files\IE Toy\ietoytb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IEToy] "c:\program files\ie toy\ietoy.exe"
O4 - HKCU\..\Run: [MyCleaner] "c:\program files\ie toy\MyCleaner.exe" /auto
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O8 - Extra context menu item: ¹Ìµð¾î ¼Ò½º º¸±â - c:\program files\ie toy\menuext\mplayer.htm
O8 - Extra context menu item: Á¸ ÇÑÀÚ»çÀü °Ë»ö - c:\program files\ie toy\menuext\selsearch_zonmal.htm
O8 - Extra context menu item: Ç÷¡½¬ ¼Ò½º º¸±â - c:\program files\ie toy\menuext\flash.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {62A859F8-F4A0-4C53-A02C-FE43199815C4} (PopdeskLauncher Class) - http://appupdate.popdesk.co.kr/files/download/PopdeskLauncher.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_9.CAB
O16 - DPF: {6AD92401-CE2D-452B-AA63-1291D60EC2D2} (AxINIplugin40 Control) - http://member.nate.com/initech/plugin/axINIplugin40.cab
O16 - DPF: {6EB1CE15-5D26-4A82-8814-EB7D52149852} (QueueMan Class) - http://appupdate.popdesk.co.kr/files/PopRecv/PopRecvAx.cab
O16 - DPF: {9AEBAA67-8B4D-4884-9EB7-8C6BEA20CE5C} (FileManager Control) - http://club.nate.com:9090/NetEditor.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37931.1301851852
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F68CACCC-C9A4-4A51-8EE9-694FF8A29248} (HDUpload Control) - http://club.hanafos.com/applet/HDUpload.cab
O16 - DPF: {F9CF6403-ECE4-420B-A181-9525EDA94D8A} (SendQAx Class) - http://appupdate.popdesk.co.kr/files/popsend/PopSendAx.cab

TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Sun Nov 16, 2003 1:20 pm    Post subject:

Hi! :)

A good start would be to download the latest version of CWShredder by Merijn Bellekom, of HijackThis and StartupList fame.
Run it, press 'Next', and allow it to fix all it finds.

Restart your browser, and tell us whether that has helped.


_________________
Tony
Dogfur

Guest
IP: 219.251.*.*






Posted: Sun Nov 16, 2003 1:44 pm    Post subject:

Thanks for your *quick* answer.
That simply removed it!
Thank you very much.
I think I'm the first victim in Korea.
I gotta report this useful site & programs to my favorite Korean tech sites.

TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Sun Nov 16, 2003 2:05 pm    Post subject:

Glad we were able to help.

And yup, do spread the news! ;)



 