
Please help..I'm at a loss!!!

Hi all.

First of all, hello, and thank you in advance to anyone helping me with this. I am an SSG in the US Army (stationed in Korea), and my girlfriend's computer has some issues. First of all....
When I go to a web page and close it out, it DOES NOT CLOSE. I can keep going to different websites, but can't close to get out of them. During this, the CPU says it is at 100% (after I click CTRL ALT DEL to try and stop everything).
Some programs I have will not work, as it says virtual memory needs to be a minimum of 3 %.

I have scanned with Spybot, AVG, Ad-Aware, etc. She does use Norton's antivirus, but it is a "free version" from when she bought the computer. (She is Korean, by the way, so that is why the log I attached looks weird.) Anyway, here is the file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at ¿ÀÈÄ 6:52:01, on 2007-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\¹ÙÅÁ È­¸é\HijackThis.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,exe.exeexe.exeexe.exeexe.exeexe.exeexe.exe
O2 - BHO: nop Class - {537E69E9-ACE1-43e3-8659-06811DFE0BCC} - C:\program Files\Op pro\sys32.dll
O3 - Toolbar: ³×À̹ö Åø¹Ù(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_1_55.dll
O3 - Toolbar: Windows OpenSearch - {793E0B8F-9387-4C53-8F0B-A903B72EDA63} - C:\program Files\OpenPro\OpBand.dll
O3 - Toolbar: ¾ßÈÄ! Åø¹Ù - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: OK Åø¹Ù - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Op Search - {8D624CC5-659C-459e-B6B3-39DBC6F2FF80} - C:\program Files\Op pro\sys.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [snppro] C:\WINDOWS\vsnppro.exe
O4 - HKLM\..\Run: [PCDoc] C:\Program Files\PCDoc\PCDocMain.exe
O4 - HKLM\..\Run: [NetpiaLite] C:\WINDOWS\system32\NetpiaMail.exe
O4 - HKLM\..\Run: [asnv2746] C:\Program Files\youthlove\ylupdate.exe
O4 - HKLM\..\Run: [svhcost] C:\WINDOWS\system32\svhcost.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
O4 - HKLM\..\Run: [OKMaster] C:\Program Files\OKToolbar\OKMaster.exe
O4 - HKLM\..\Run: [nProtectPersonal(BasedCode)] C:\Program Files\INCAInternet\nProtectPersonal\BasedCode\nploginv.exe
O4 - HKLM\..\Run: [SoundUpdate] C:\program Files\Op pro\Update.exe
O4 - HKLM\..\Run: [SF] C:\Program Files\SearchFree\SFSetup.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: ¹«·á ¹é½Å - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: OpenSearch °Ë»ö - {7FCE138D-DC4A-42c8-86B5-7E14B4602BEB} - C:\program Files\OpenPro\OpBand.dll
O9 - Extra 'Tools' menuitem: OpenSearch - {7FCE138D-DC4A-42c8-86B5-7E14B4602BEB} - C:\program Files\OpenPro\OpBand.dll
O9 - Extra button: ¸®¼­Ä¡ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: opSearch°Ë»ö - {955582FE-8225-4bf8-B813-A349C96AD4B7} - C:\program Files\OpenPro\OpBand.dll
O9 - Extra 'Tools' menuitem: opSearch - {955582FE-8225-4bf8-B813-A349C96AD4B7} - C:\program Files\OpenPro\OpBand.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A4E624A-F7EA-4313-B721-C5669E0C6266} (TrustSiteAuction Control) - http://download.auction.co.kr/activexpay/TrustSiteAuctionCtrl.cab
O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://www.siren24.com/nprotect/down/NPPWebInstallV2.cab
O16 - DPF: {0F05AEB9-BAF7-4682-9A4C-E8532F6E9987} (BankPayPGX Control) - https://npg.tgcorp.com/dlp/new_kftc/js/BankPayPGX.cab
O16 - DPF: {11111004-A15C-11D4-97A4-0050BF0FBE67} (HangameDHOStarter4 Class) - http://download.netmarble.com/web/nmstarter/Hangame/HangameDHOStarter4.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/viewer/2007/0126/naver/NHNComicViewer.cab
O16 - DPF: {23EFA339-4BDB-4945-8F05-E10FF23C5170} (Pcdoctor_activeX Control) - http://www.pcdoc.co.kr/program/pcdoc.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://image.cjmall.com/initech/plugin/down/INIS60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F7} (YBox Control) - http://kr.music.yahoo.com/Components/YMusicPack.cab
O16 - DPF: {436A95AC-A449-4A6B-84AB-6D83C32F512C} (Nuri Agent) - http://weblink.nuribox.co.kr/NuriAgentX.cab
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://update.nprotect.net/npcore/npav/nps.cab
O16 - DPF: {578F2299-722B-4246-9AEB-56885F8AB1EF} (JoyhuntingSmart Control) - http://220.95.215.149/InstallFiles/JoySmartCtrl.cab
O16 - DPF: {5D9446DB-E849-4B95-9872-D0C21343ABF0} (MAWizard Class) - http://www.csafer.net/ActiveX/MASetupWizard.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170402188779
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.yahoo.co.kr/multi/2005/tool/player/20051026/SVPorsche.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179991972306
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.0.9.5/xw_install.cab
O16 - DPF: {90204763-E824-4389-8F2E-8EE6AADEFA74} (SDUpdate.Starter) - http://gamewang.co.kr/download/SDUpd.CAB
O16 - DPF: {9103166D-A34B-45A2-91F5-73D508C7A650} (NateComicViewer Class) - http://crayondata.cyworld.nate.com/OCX/install/NateComicViewer.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab
O16 - DPF: {A5F3B5CF-A05F-479E-B684-13AA512A7B93} (YGLauncher Control) - http://kr.pubbase.yahoo.com/gamesetup/YGLauncher2.cab
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} (BankPayEFTCtrl Control) - http://download.auction.co.kr/activexpay/BankPayEFT.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {BFB6D72C-1030-47E4-88A2-614ACCC92467} (MaxMp3VSet Class) - http://www.mnet.com/MaxMP3/Html/MPlayer/Movie/__P2P__/Package/p3mxvset.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1009 Class) - http://id.hangame.com/common/HanSetup1009.cab
O16 - DPF: {C3B36463-0C0C-49DE-AAD8-7E6786174129} (GzLauncher Class) - http://sign.ndoors.com/confirm/GzLauncher.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://casx.musiccity.co.kr/hangame/dll/p3hangameset.cab
O16 - DPF: {D489EEBD-8F0D-45C3-9F78-7AD6FC3EFE88} (SETUP Control) - http://www.cymon.co.kr/downgame/CymonSetup.cab
O16 - DPF: {DC1D59E2-ABFF-49F6-9BC3-D14DBC611CAB} (AMLauncherCtrl Class) - http://amb.am.co.kr/AMLauncher/cab/1,0,0,1/AMLauncher.cab
O16 - DPF: {E2165EB4-4E3D-4888-A1D9-8557E015ABFD} (p3doset Class) - http://www.donutsmovie.com/contents/package/p61025/p3doset.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {E7D2B321-435E-4037-BCCB-6694459B1DBE} (Mfile File Share Control7) - http://mfile.co.kr/mmsv/MfileWebControl2.CAB
O16 - DPF: {F33832DF-8BF6-4455-9D1A-FF1BD2BB0EB3} (prjCymonGameExe.CymonExe) - http://www.cymon.co.kr/downgame/CymonGame.CAB
O20 - Winlogon Notify: mallocator - C:\WINDOWS\
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I REALLY hope someone can help me out with this... I leave for the US in a week for school, and then "elsewhere", and I don't want to leave her with a jacked up computer.... Thanks again for your assistance. Please feel free to email me as well. ANY HELP would be appreciated!!!

Comments

  • Trogan London, UK
    edited May 2007
    Hi Rocket_Sarge,

    The computer is quite infected. I'd need you to scan a few files please...
    • Go to VirusTotal
    • Copy and paste the following file path into the Search Box at the top of the page:
    • C:\WINDOWS\vsnppro.exe
    • Click on the Send button
    • Please post the results in your next reply.
    Do the same for the following Files:

    C:\Program Files\youthlove\ylupdate.exe
    C:\WINDOWS\system32\svhcost.exe


    Next, I need you to enable the programs disabled on Startup. You can do this by doing the following...
    • Go to Start > Run > Type msconfig
    • Click the Startup Tab
    • Click Enable All
    • Click Apply and then Close
    • Click on Exit Without Reboot
    Please post the following...

    Info from scanned files
    New HijackThis log
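
A triage pass over two of the entry types in the log above, added here as an example (not code from the thread or from HijackThis): it flags a `UserInit` value with anything appended after `userinit.exe`, and `Run` entries whose file name is within two edits of a genuine Windows process name. The reference name list, the two-edit threshold and the function names are assumptions; the sample lines are copied from the log in the first post.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Four lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,exe.exeexe.exeexe.exeexe.exeexe.exeexe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [svhcost] C:\WINDOWS\system32\svhcost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: a short reference list of genuine Windows XP process names.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "userinit.exe"}

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'"?(.+?\.exe)', re.I)  # executable part of a Run command


def edit_distance(a, b):
    """Levenshtein distance; a swapped pair of letters counts as 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return (rule, detail) tuples for lines that deserve a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = USERINIT_RE.match(line)
        if m:  # the stock value is userinit.exe followed by a comma, nothing else
            parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
            extras = [p for p in parts if basename(p).lower() != "userinit.exe"]
            findings += [("userinit-extra", p) for p in extras]
            continue
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group(3))
            name = basename(exe.group(1) if exe else m.group(3).split()[0]).lower()
            for real in sorted(SYSTEM_NAMES):
                if 0 < edit_distance(name, real) <= 2:  # close to, but not, a real name
                    findings.append(("lookalike-name", f"{name} ~ {real}"))
    return findings
```

A hit only marks an entry for review, for example by submitting the file to a scanner as the reply above asks.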