ricrisci

New log


Not sure if this will work but give this a try.

 

When you're attempting to type the '_', press these keys on your keyboard:

 

Press ALT & keep it depressed

Then type these numbers 095

Release the ALT key

Does that give you the '_'?

Good news and mostly bad. Yes, it gave the "_" but when I executed the command, I got "The system cannot find the file specified. 0 files expanded." I must be doing something wrong since the file MUST be on the Windows Installation CD (although it was the same one from which it was installed on my machine) but I cannot figure out what it is. I tried it many times with variations, too.

 

Is it possible the viruses/trojans, etc. got that deep into my machine to do that?

 

Is it time to give up and reinstall Windows? I hate to give up but...

Edited by ricrisci


Take the CD to another machine. Open it & find out where the file vgaoem.fo_ resides. Note it down.

 

Then try again on the trouble machine.

 

Don't worry. Even if that fails, we still have other options.



The file resides in i386 which I found by exploring the CD. Weird however was that when I searched for it and limited the search to the CD drive it only found it in C:/Documents and Settings/Administrator/Local Settings/Application Data/Microsoft/CDBurning/i386, i.e. on my buddy's machine, NOT on my CD, and I hadn't set it to search there. Isn't that weird? Anyway, apparently whatever is prohibiting the search function from finding the file on the other machine is the same thing prohibiting finding it in the recovery console on mine.

 

Next step?


Do you still have access to your buddy's machine? If so, let's expand the file there & save it to floppy disk so that it may be transferred to the trouble machine. When you next run the recovery console, you'll need to amend your commands to reflect the change in location. The file is now located at A:\VGAOEM.FON

 

C:\Windows>COPY A:\VGAOEM.FON C:\WINDOWS\SYSTEM


We didn't have a floppy but we did copy it to a CD. I tried that unsuccessfully but I don't think I gave it the right command according to your example. I'll try it again.

 

The command I'll use then is

 

D:\Windows>COPY E:\VGAOEM.FON D:\WINDOWS\SYSTEM.

 

(My Windows is on my D drive, E is my CD.)

Edited by ricrisci


How did it go?

 

COPY E:\VGAOEM.FON D:\WINDOWS\SYSTEM. <----

Do you have a dot in your command?

Edited by sUBs


Right now, SpyBot is notifying me of a bunch of attempted Trojans, and a 'Critical System Warning' is telling me I must download some software (which I of course did not do) to protect me against Spyware.CyberLog-X. Another alert appears to be from Trojan-Spy.win32@mx, that says I should click the balloon to DL software. Another for W32.Myzor.:filtered:@yf, etc.:

 

Spyware.CyberLog-X

Trojan-Spy.win32@mx

W32.Myzor.:filtered:@yf

Networm-i.Virus@fp

 

Help (again)!

 

P.S. Thanks for crashing your machine.


I ran Fix.bat.

 

It deleted a million C:/qoobox files but at the end I saw it said it could not find two files but that files had been deleted successfully.

 

I hope that is what you wanted to know.


That's good. Please run ComboFix now by double-clicking it.

 

I shall need to review the log that it produces.

Edited by sUBs


Here's the log but I was connected to the internet and antivirus was running. Wasn't I supposed to switch both off? I'll do another if necessary.

 

ComboFix 07-11-04.3 - USER 2007-11-07 15:00:34.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT -8:00]

Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk

C:\Documents and Settings\USER\Desktop\Live Safety Center.lnk

C:\Documents and Settings\USER\Desktop\Online Security Guide.lnk

C:\Documents and Settings\USER\Favorites\Online Security Guide.lnk

C:\WINDOWS\system32\juglhklf.dllbox

C:\WINDOWS\system32\qprqr.bak1

C:\WINDOWS\system32\qprqr.bak2

C:\WINDOWS\system32\qprqr.ini

C:\WINDOWS\system32\rqrpq.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_DOMAINSERVICE

-------\DomainService

 

 

((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))

.

 

2007-11-07 14:41 79,936 --a------ C:\WINDOWS\system32\boutctav.dll

2007-11-07 14:35 86,080 --a------ C:\WINDOWS\system32\jvhsbpby.dll

2007-11-07 14:33 145,984 --a------ C:\WINDOWS\system32\juglhklf.dll

2007-11-07 14:32 145,984 --a------ C:\WINDOWS\system32\xcuswrbd.dll

2007-11-07 14:29 71,232 --a------ C:\WINDOWS\system32\tgiwkwsl.exe

2007-11-05 18:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-11-05 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-11-05 14:13 <DIR> d-------- C:\WINDOWS\fonts

2007-11-05 12:16 786 --a------ C:\2139.bat

2007-11-05 07:42 35,328 --a------ C:\WINDOWS\system32\tuvsqon.dll

2007-11-05 07:42 82 --a------ C:\n.bat

2007-11-05 07:42 0 --a------ C:\z.dat

2007-11-05 07:41 786 --a------ C:\7269.bat

2007-11-04 21:41 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-04 21:15 <DIR> d-------- C:\Program Files\Opera

2007-11-04 21:01 <DIR> d-------- C:\Incomplete

2007-11-04 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-11-04 14:14 <DIR> d-------- C:\Program Files\Lavasoft

2007-11-04 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-11-04 14:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-11-04 14:09 <DIR> d-------- C:\HJT

2007-11-04 10:47 3,458 --a------ C:\WINDOWS\palist.dat

2007-11-04 10:47 16 --a------ C:\WINDOWS\packeep.dat

2007-11-04 10:46 <DIR> d-------- C:\Program Files\Spytech Software

2007-11-04 10:46 90,112 --a------ C:\WINDOWS\unvise32.exe

2007-11-04 10:46 85 --a------ C:\WINDOWS\paopts.dat

2007-11-04 10:46 42 --a------ C:\WINDOWS\system32\w32hlpb.sys

2007-11-04 10:46 42 --a------ C:\WINDOWS\system32\ntkernel32.sys

2007-11-04 06:28 32,768 --a------ C:\Documents and Settings\USER\pdf.exe

2007-11-03 21:02 <DIR> d-------- C:\Documents and Settings\USER\.housecall6.6

2007-11-02 21:15 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-11-02 21:15 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-11-02 21:15 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-02 21:15 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-11-02 21:14 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-11-02 21:14 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-11-02 21:13 <DIR> d-------- C:\Program Files\Alwil Software

2007-11-02 21:13 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-11-02 21:13 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-11-02 17:20 <DIR> d-------- C:\Program Files\Incomplete

2007-11-02 15:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-11-02 15:52 28,672 --a------ C:\Documents and Settings\USER\iexplorer.exe

2007-11-02 15:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-31 20:14 <DIR> d-------- C:\Program Files\Jetico

2007-10-31 19:41 12,229,736 --a------ C:\Program Files\bcrypt8(2).exe

2007-10-30 18:20 <DIR> d-------- C:\Program Files\KaraFun

2007-10-30 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Recisio

2007-10-30 11:50 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

2007-10-30 11:50 1,571,930 --a------ C:\WINDOWS\system32\npmon.exe

2007-10-30 11:50 778,240 --a------ C:\WINDOWS\system32\npeutilex.dll

2007-10-30 11:50 61,440 --a------ C:\WINDOWS\system32\nphkapi.dll

2007-10-30 11:50 49,152 --a------ C:\WINDOWS\system32\npshare.dll

2007-10-30 11:50 45,056 --a------ C:\WINDOWS\system32\npshar2k.dll

2007-10-30 11:50 45,056 --a------ C:\WINDOWS\system32\npScan.dll

2007-10-30 11:50 36,938 --a------ C:\WINDOWS\system32\TeCtrl.dll

2007-10-30 11:50 34,312 --a------ C:\WINDOWS\system32\npPCStatusUninst.exe

2007-10-30 11:40 <DIR> d--h----- C:\XecureSSL

2007-10-30 11:40 <DIR> d--h----- C:\WINDOWS\yessign

2007-10-30 11:40 <DIR> d-------- C:\Program Files\SoftForum

2007-10-30 11:40 <DIR> d-------- C:\Program Files\NPKI

2007-10-30 11:39 <DIR> d-------- C:\WINDOWS\kdefense

2007-10-30 11:39 281,600 --a------ C:\WINDOWS\system32\kdfinj.dll

2007-10-30 11:39 151,552 --a------ C:\WINDOWS\system32\kdfmgr.exe

2007-10-30 11:39 61,440 --a------ C:\WINDOWS\system32\kdfmod.dll

2007-10-30 11:39 48,128 --a------ C:\WINDOWS\system32\Kdfhok.dll

2007-10-27 21:40 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-10-27 20:13 <DIR> d-------- C:\Program Files\Common Files\xing shared

2007-10-27 20:12 <DIR> d-------- C:\Program Files\Real

2007-10-27 20:12 <DIR> d-------- C:\Program Files\Common Files\Real

2007-10-27 18:58 25,755,448 --a------ C:\Program Files\wmp11-windowsxp-x86-enu.exe

2007-10-27 14:12 <DIR> d-------- C:\Documents and Settings\USER\Application Data\GRETECH

2007-10-27 12:51 <DIR> d-------- C:\Program Files\LimeWire

2007-10-26 23:31 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-10-26 23:31 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2007-10-26 23:15 <DIR> d-------- C:\Program Files\GRETECH

2007-10-25 22:23 <DIR> d-------- C:\Documents and Settings\USER\Incomplete

2007-10-25 22:19 <DIR> d-------- C:\Documents and Settings\USER\Application Data\LimeWire

2007-10-25 18:46 <DIR> d-------- C:\Downloads

2007-10-25 18:32 <DIR> d-------- C:\Documents and Settings\USER\Application Data\DivX

2007-10-25 18:31 <DIR> d-------- C:\Program Files\DivX

2007-10-24 17:51 <DIR> d-------- C:\Program Files\Common Files\Adobe

2007-10-24 11:22 <DIR> d-------- C:\WINDOWS\pss

2007-10-23 22:09 <DIR> d-------- C:\Program Files\Veoh Networks

2007-10-23 22:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-10-21 10:50 <DIR> d-------- C:\Program Files\MSXML 4.0

2007-10-20 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead

2007-10-20 12:33 <DIR> d-------- C:\Program Files\MagicISO

2007-10-18 06:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-10-18 02:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-10-18 02:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-10-18 00:43 262,144 --------- C:\WINDOWS\BCUnInstall.exe

2007-10-17 19:24 <DIR> d-------- C:\WINDOWS\Sun

2007-10-17 19:21 <DIR> d-------- C:\Program Files\Java

2007-10-17 19:21 <DIR> d-------- C:\Program Files\Common Files\Java

2007-10-17 19:05 1,411 --------- C:\WINDOWS\mozver.dat

2007-10-17 19:03 <DIR> d-------- C:\Program Files\uTorrent

2007-10-17 19:02 <DIR> d-------- C:\Documents and Settings\USER\Application Data\uTorrent

2007-10-17 18:24 <DIR> d-------- C:\Program Files\Binary Boy

2007-10-17 18:24 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Binary Boy

2007-10-17 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-28 05:32 --------- d-----w C:\Program Files\Common Files\Ahead

2007-10-28 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2007-10-25 04:38 13,288 ------w C:\WINDOWS\system32\drivers\mhk.sys

2007-10-24 06:11 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-20 20:49 --------- d-----w C:\Documents and Settings\USER\Application Data\Ahead

2007-10-19 06:28 --------- d-----w C:\Program Files\Common Files\LightScribe

2007-10-18 13:15 47,464 ------w C:\WINDOWS\system32\drivers\bcbus.sys

2007-10-17 02:26 --------- d-----w C:\Program Files\Declan's Korean Dictionary

2007-10-07 03:28 --------- d-----w C:\Documents and Settings\USER\Application Data\CyberLink

2007-10-07 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2007-10-07 02:08 --------- d-----w C:\Program Files\CyberLink

2007-10-07 02:03 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-10-07 01:57 --------- d-----w C:\Program Files\Nero

2007-10-05 00:58 --------- d-----w C:\Program Files\ReadWrite Korean

2007-10-05 00:57 --------- d-----w C:\Program Files\Korean HakGyo

2007-10-05 00:56 --------- d-----w C:\Program Files\Declan's Korean FlashCards

2007-10-04 23:04 --------- d-----w C:\Program Files\Microsoft.NET

2007-10-04 23:04 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-10-04 22:18 --------- d-----w C:\Program Files\microsoft frontpage

2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-09-28 16:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-09-28 16:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-09-28 16:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll

2007-09-28 16:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe

2007-09-28 16:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe

2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll

2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-09-14 04:46 91,496 ------w C:\WINDOWS\system32\drivers\bcswap.sys

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B4FFA72-8B9E-4F5E-A26B-DA67A24E6D6B}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

2007-11-07 14:33 145984 --a------ C:\WINDOWS\system32\juglhklf.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]

2007-11-05 07:42 35328 --a------ C:\WINDOWS\system32\tuvsqon.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\juglhklf.dll [2007-11-07 14:33 145984]

 

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\juglhklf.dll [2007-11-07 14:33 145984]

 

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 05:32]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 05:31]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 05:32]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 05:32]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"BCWipeTM Startup"="C:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" [2007-10-28 22:03]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 02:06]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-27 20:13]

"PopupAgent"="C:\Program Files\Spytech Software\Spytech PopupAgent\PopupAgent.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 07:56]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14]

"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2007-06-21 11:26]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\tuvsqon.dll [2007-11-05 07:42 35328]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\juglhklf]

juglhklf.dll 2007-11-07 14:33 145984 C:\WINDOWS\system32\juglhklf.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsqon]

tuvsqon.dll 2007-11-05 07:42 35328 C:\WINDOWS\system32\tuvsqon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=hplun.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqrpq.dll

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"RichVideo"=2 (0x2)

"ose"=3 (0x3)

"NMIndexingService"=3 (0x3)

"NBService"=3 (0x3)

"LightScribeService"=2 (0x2)

 

R1 BC_3DES;BC_3DES;C:\WINDOWS\system32\drivers\BC_3DES.sys

R1 BC_BF128;BC_BF128;C:\WINDOWS\system32\drivers\BC_BF128.sys

R1 BC_BF448;BC_BF448;C:\WINDOWS\system32\drivers\BC_BF448.sys

R1 BC_BFish;BC_BFish;C:\WINDOWS\system32\drivers\BC_BFish.sys

R1 BC_CAST;BC_CAST;C:\WINDOWS\system32\drivers\BC_CAST.sys

R1 BC_DES;BC_DES;C:\WINDOWS\system32\drivers\BC_DES.sys

R1 BC_Gost;BC_Gost;C:\WINDOWS\system32\drivers\BC_Gost.sys

R1 BC_RC6;BC_RC6;C:\WINDOWS\system32\drivers\BC_RC6.sys

R1 BC_RIJN;BC_RIJN;C:\WINDOWS\system32\drivers\BC_RIJN.sys

R1 BC_SERP;BC_SERP;C:\WINDOWS\system32\drivers\BC_SERP.sys

R1 BC_TFISH;BC_TFISH;C:\WINDOWS\system32\drivers\BC_TFISH.sys

R1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys

R1 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys

R1 fsh;fsh;C:\WINDOWS\system32\drivers\fsh.sys

R3 mhk;mhk;C:\WINDOWS\system32\drivers\mhk.sys

R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42ca2040-72cd-11dc-abaa-806d6172696f}]

\Shell\AutoRun\command - E:\AutoRun.exe

 

.

**************************************************************************

 

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-07 15:09:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-11-07 15:13:25 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-05 14:19

C:\ComboFix3.txt ... 2007-11-04 21:55

.

--- E O F ---


2007-11-04 21:01 <DIR> d-------- C:\Incomplete

2007-11-02 17:20 <DIR> d-------- C:\Program Files\Incomplete

2007-10-25 18:46 <DIR> d-------- C:\Downloads

2007-10-25 22:23 <DIR> d-------- C:\Documents and Settings\USER\Incomplete

 

Are these folders created by you? Take a quick peek in them & tell me what's within

 

C:\Program Files\Spytech Software

 

Is this a program you installed? What is it for?



The only one of those which is mine is Downloads. The others have a movie file called downloads.dat.

Edited by ricrisci


TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose Yes at the Warning prompt.
  • Expand the Tools menu.
  • Click Resident.
  • Uncheck the "Resident 'TeaTimer' (Protection of overall system settings) active." box.
  • In the File menu click Exit to exit Spybot Search & Destroy.
Download http://www.techsupportforum.com/sectools/ResetTeaTimer.zip

Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

 

 

---------------

 

 

Open notepad and copy/paste the text in the quotebox below into it:

 

Collect::
C:\Documents and Settings\USER\pdf.exe
C:\WINDOWS\system32\boutctav.dll
C:\WINDOWS\system32\jvhsbpby.dll
C:\WINDOWS\system32\xcuswrbd.dll
C:\WINDOWS\system32\tgiwkwsl.exe
C:\WINDOWS\system32\tuvsqon.dll
Suspect::
C:\WINDOWS\palist.dat
C:\WINDOWS\packeep.dat
C:\WINDOWS\paopts.dat
File::
C:\Documents and Settings\USER\iexplorer.exe
C:\WINDOWS\system32\w32hlpb.sys
C:\WINDOWS\system32\ntkernel32.sys
C:\WINDOWS\system32\juglhklf.dll
C:\2139.bat
C:\n.bat
C:\z.dat
C:\7269.bat
Folder::
C:\Incomplete
C:\Program Files\Incomplete
C:\Documents and Settings\USER\Incomplete
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B4FFA72-8B9E-4F5E-A26B-DA67A24E6D6B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\juglhklf]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsqon]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as "CFScript"

 

 

Posted Image

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

 

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip

Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/submit-malware.php?channel=4

 

 

---------------

 

 

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

 

Answer Yes, when prompted to install an ActiveX component.

  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

     

    Posted Image

     

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

 

 

---------------

 

 

In your next post, please include fresh logs from:

  • Fresh Hijackthis log taken just before replying
  • Online scan
  • ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps, and update us on how the computer behaves now.
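An added example, not from this thread or from ComboFix's authors: a small Python triage script that reads lines in the shape of the log's "Reg Loading Points" section, flags modules sitting in the high-value autostart locations the CFScript above cleans out (BHOs, Winlogon Notify, AppInit_DLLs, the LSA Authentication Packages list), and decodes the hex(7) value the Registry:: section writes back to the LSA key. The sample lines, the key descriptions and the tiny allow-list are constructed for the example.

```python
"""Added example (not from this thread or from ComboFix): triage the
autostart entries that a ComboFix "Reg Loading Points" section lists."""
import re

# Constructed sample in the shape of the log posted above (a few lines only).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 14:33 145984 --a------ C:\WINDOWS\system32\juglhklf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsqon]
tuvsqon.dll 2007-11-05 07:42 35328 C:\WINDOWS\system32\tuvsqon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hplun.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqrpq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 07:56]
"""

# Registry locations whose modules load into privileged or ubiquitous processes.
# Substrings are matched against the lower-cased key name (constructed list).
HIGH_VALUE_KEYS = {
    "browser helper objects": "BHO (loaded by every Internet Explorer instance)",
    "winlogon\\notify": "Winlogon Notify (loaded into winlogon.exe at logon)",
    "currentversion\\windows": "AppInit_DLLs (loaded into every user32 process)",
    "control\\lsa": "LSA Authentication Packages (loaded into lsass.exe)",
    "shellexecutehooks": "ShellExecuteHooks (loaded into Explorer)",
}

# Minimal allow-list for this sample; a real one is per OS build (assumption).
KNOWN_GOOD = {"msv1_0"}

# Matches a drive-rooted path or a bare file name ending in .dll/.exe/.sys.
MODULE_RE = re.compile(r'(?:[A-Za-z]:\\[^"\[\]\r\n]*?|[\w~-]+)\.(?:dll|exe|sys)\b', re.I)


def parse_loading_points(text):
    """Group the log into {key name: [value lines]} using the [..] headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def classify_key(key):
    """Return a description if the key is one of the high-value locations, else None."""
    k = key.lower()
    for needle, desc in HIGH_VALUE_KEYS.items():
        if needle in k:
            return desc
    return None


def basename(path):
    """Last path component, lower-cased (Windows separators, independent of host OS)."""
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious(text):
    """Return [(location description, module name)] for modules not on the allow-list."""
    findings, seen = [], set()
    for key, lines in parse_loading_points(text).items():
        desc = classify_key(key)
        if desc is None:
            continue
        for line in lines:
            if line.lower().startswith('"authentication packages"'):
                # Value is a space-separated REG_MULTI_SZ; stock XP lists only msv1_0.
                modules = line.partition("=")[2].split()
            else:
                modules = MODULE_RE.findall(line)
            for mod in modules:
                name = basename(mod)
                if name in KNOWN_GOOD or (desc, name) in seen:
                    continue
                seen.add((desc, name))
                findings.append((desc, name))
    return findings


def decode_reg_multi_sz(value):
    """Decode a 'hex(7):..' byte list: NUL-separated strings, double-NUL terminated.
    CFScript writes these as single-byte ANSI, as in the script above."""
    if not value.lower().startswith("hex(7):"):
        raise ValueError("not a hex(7) value")
    raw = bytes(int(b, 16) for b in value[len("hex(7):"):].split(",") if b)
    return [s for s in raw.decode("latin-1").split("\x00") if s]


if __name__ == "__main__":
    for desc, mod in find_suspicious(SAMPLE_LOG):
        print(f"{desc}: {mod}")
    print(decode_reg_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```

Run against the sample it reports the four injected modules from the log (juglhklf.dll, tuvsqon.dll, hplun.dll, rqrpq.dll) and shows that the hex(7) value restores the LSA list to just msv1_0.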


The zip file has been submitted to bleepingcomputer.com. Mostly everything seems to be working just fine now, except that my default font continues to be changed from before the infection, and my keyboard no longer has Korean language support. How can I return those things to their previous state? Otherwise, no sign of viruses/infections.

 

BTW, the "Incomplete" folders I recognized as they were deleting were placed there by Limewire and thus legitimate but that's OK. There was nothing critical there that I cannot get again.

 

Thanks a million.

 

 

 

ComboFix 07-11-04.3 - USER 2007-11-07 16:58:21.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]

Running from: C:\Documents and Settings\USER\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\USER\Desktop\CFScript_used_2007-11-05@13.08.txt

* Created a new restore point

 

FILE::

C:\2139.bat

C:\7269.bat

C:\Documents and Settings\USER\iexplorer.exe

C:\n.bat

C:\WINDOWS\system32\juglhklf.dll

C:\WINDOWS\system32\ntkernel32.sys

C:\WINDOWS\system32\w32hlpb.sys

C:\z.dat

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\2139.bat

C:\7269.bat

C:\Documents and Settings\USER\iexplorer.exe

C:\Documents and Settings\USER\Incomplete

C:\Documents and Settings\USER\Incomplete\downloads.bak

C:\Documents and Settings\USER\Incomplete\downloads.dat

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\.datBarnens favoriter

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part001.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part002.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part003.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part004.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part005.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part006.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part007.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part008.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part009.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part010.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part011.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part012.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part013.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part014.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part015.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part016.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part017.rar

C:\Documents and Settings\USER\Incomplete\LX3OTBO4CMHTKZH2PBDDWXG6BL5U2EPJ\Barnens favoriter\gt.part018.rar

C:\Documents and Settings\USER\pdf.exe

C:\Incomplete

C:\Incomplete\downloads.dat

C:\n.bat

C:\Program Files\Incomplete

C:\Program Files\Incomplete\downloads.bak

C:\Program Files\Incomplete\downloads.dat

C:\WINDOWS\system32\boutctav.dll

C:\WINDOWS\system32\cbbeg.bak1

C:\WINDOWS\system32\cbbeg.ini

C:\WINDOWS\system32\gebbc.dll

C:\WINDOWS\system32\juglhklf.dll

C:\WINDOWS\system32\juglhklf.dllbox

C:\WINDOWS\system32\jvhsbpby.dll

C:\WINDOWS\system32\ntkernel32.sys

C:\WINDOWS\system32\tgiwkwsl.exe

C:\WINDOWS\system32\tuvsqon.dll

C:\WINDOWS\system32\w32hlpb.sys

C:\WINDOWS\system32\xcuswrbd.dll

C:\z.dat

 

.

((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))

.

 

2007-11-05 18:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-11-05 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-11-05 14:13 <DIR> d-------- C:\WINDOWS\fonts

2007-11-04 21:41 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-04 21:15 <DIR> d-------- C:\Program Files\Opera

2007-11-04 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-11-04 14:14 <DIR> d-------- C:\Program Files\Lavasoft

2007-11-04 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-11-04 14:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-11-04 14:09 <DIR> d-------- C:\HJT

2007-11-04 10:47 3,458 --a------ C:\WINDOWS\palist.dat

2007-11-04 10:47 16 --a------ C:\WINDOWS\packeep.dat

2007-11-04 10:46 <DIR> d-------- C:\Program Files\Spytech Software

2007-11-04 10:46 90,112 --a------ C:\WINDOWS\unvise32.exe

2007-11-04 10:46 85 --a------ C:\WINDOWS\paopts.dat

2007-11-03 21:02 <DIR> d-------- C:\Documents and Settings\USER\.housecall6.6

2007-11-02 21:15 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-11-02 21:15 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-11-02 21:15 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-02 21:15 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-11-02 21:14 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-11-02 21:14 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-11-02 21:13 <DIR> d-------- C:\Program Files\Alwil Software

2007-11-02 21:13 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-11-02 21:13 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-11-02 15:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-11-02 15:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-31 20:14 <DIR> d-------- C:\Program Files\Jetico

2007-10-31 19:41 12,229,736 --a------ C:\Program Files\bcrypt8(2).exe

2007-10-30 18:20 <DIR> d-------- C:\Program Files\KaraFun

2007-10-30 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Recisio

2007-10-30 11:50 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

2007-10-30 11:50 1,571,930 --a------ C:\WINDOWS\system32\npmon.exe

2007-10-30 11:50 778,240 --a------ C:\WINDOWS\system32\npeutilex.dll

2007-10-30 11:50 61,440 --a------ C:\WINDOWS\system32\nphkapi.dll

2007-10-30 11:50 49,152 --a------ C:\WINDOWS\system32\npshare.dll

2007-10-30 11:50 45,056 --a------ C:\WINDOWS\system32\npshar2k.dll

2007-10-30 11:50 45,056 --a------ C:\WINDOWS\system32\npScan.dll

2007-10-30 11:50 36,938 --a------ C:\WINDOWS\system32\TeCtrl.dll

2007-10-30 11:50 34,312 --a------ C:\WINDOWS\system32\npPCStatusUninst.exe

2007-10-30 11:40 <DIR> d--h----- C:\XecureSSL

2007-10-30 11:40 <DIR> d--h----- C:\WINDOWS\yessign

2007-10-30 11:40 <DIR> d-------- C:\Program Files\SoftForum

2007-10-30 11:40 <DIR> d-------- C:\Program Files\NPKI

2007-10-30 11:39 <DIR> d-------- C:\WINDOWS\kdefense

2007-10-30 11:39 281,600 --a------ C:\WINDOWS\system32\kdfinj.dll

2007-10-30 11:39 151,552 --a------ C:\WINDOWS\system32\kdfmgr.exe

2007-10-30 11:39 61,440 --a------ C:\WINDOWS\system32\kdfmod.dll

2007-10-30 11:39 48,128 --a------ C:\WINDOWS\system32\Kdfhok.dll

2007-10-27 21:40 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-10-27 20:13 <DIR> d-------- C:\Program Files\Common Files\xing shared

2007-10-27 20:12 <DIR> d-------- C:\Program Files\Real

2007-10-27 20:12 <DIR> d-------- C:\Program Files\Common Files\Real

2007-10-27 18:58 25,755,448 --a------ C:\Program Files\wmp11-windowsxp-x86-enu.exe

2007-10-27 14:12 <DIR> d-------- C:\Documents and Settings\USER\Application Data\GRETECH

2007-10-27 12:51 <DIR> d-------- C:\Program Files\LimeWire

2007-10-26 23:31 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-10-26 23:31 25,856 -----c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2007-10-26 23:15 <DIR> d-------- C:\Program Files\GRETECH

2007-10-25 22:19 <DIR> d-------- C:\Documents and Settings\USER\Application Data\LimeWire

2007-10-25 18:46 <DIR> d-------- C:\Downloads

2007-10-25 18:32 <DIR> d-------- C:\Documents and Settings\USER\Application Data\DivX

2007-10-25 18:31 <DIR> d-------- C:\Program Files\DivX

2007-10-24 17:51 <DIR> d-------- C:\Program Files\Common Files\Adobe

2007-10-24 11:22 <DIR> d-------- C:\WINDOWS\pss

2007-10-23 22:09 <DIR> d-------- C:\Program Files\Veoh Networks

2007-10-23 22:08 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-10-21 10:50 <DIR> d-------- C:\Program Files\MSXML 4.0

2007-10-20 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead

2007-10-20 12:33 <DIR> d-------- C:\Program Files\MagicISO

2007-10-18 06:57 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-10-18 02:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-10-18 02:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-10-18 00:43 262,144 --------- C:\WINDOWS\BCUnInstall.exe

2007-10-17 19:24 <DIR> d-------- C:\WINDOWS\Sun

2007-10-17 19:21 <DIR> d-------- C:\Program Files\Java

2007-10-17 19:21 <DIR> d-------- C:\Program Files\Common Files\Java

2007-10-17 19:05 1,411 --------- C:\WINDOWS\mozver.dat

2007-10-17 19:03 <DIR> d-------- C:\Program Files\uTorrent

2007-10-17 19:02 <DIR> d-------- C:\Documents and Settings\USER\Application Data\uTorrent

2007-10-17 18:24 <DIR> d-------- C:\Program Files\Binary Boy

2007-10-17 18:24 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Binary Boy

2007-10-17 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

2007-10-17 17:10 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Skype

2007-10-17 17:07 <DIR> d-------- C:\Program Files\Skype

2007-10-17 17:07 <DIR> d-------- C:\Program Files\Common Files\Skype

2007-10-17 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype

2007-10-17 17:04 <DIR> d-------- C:\Program Files\VoipBuster.com

2007-10-17 17:04 <DIR> d-------- C:\Documents and Settings\USER\Application Data\VoipBuster

2007-10-17 16:54 0 --------- C:\WINDOWS\nsreg.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-28 05:32 --------- d-----w C:\Program Files\Common Files\Ahead

2007-10-28 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2007-10-25 04:38 13,288 ------w C:\WINDOWS\system32\drivers\mhk.sys

2007-10-24 06:11 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-20 20:49 --------- d-----w C:\Documents and Settings\USER\Application Data\Ahead

2007-10-19 06:28 --------- d-----w C:\Program Files\Common Files\LightScribe

2007-10-18 13:15 47,464 ------w C:\WINDOWS\system32\drivers\bcbus.sys

2007-10-17 02:26 --------- d-----w C:\Program Files\Declan's Korean Dictionary

2007-10-07 03:28 --------- d-----w C:\Documents and Settings\USER\Application Data\CyberLink

2007-10-07 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2007-10-07 02:08 --------- d-----w C:\Program Files\CyberLink

2007-10-07 02:03 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-10-07 01:57 --------- d-----w C:\Program Files\Nero

2007-10-05 00:58 --------- d-----w C:\Program Files\ReadWrite Korean

2007-10-05 00:57 --------- d-----w C:\Program Files\Korean HakGyo

2007-10-05 00:56 --------- d-----w C:\Program Files\Declan's Korean FlashCards

2007-10-04 23:04 --------- d-----w C:\Program Files\Microsoft.NET

2007-10-04 23:04 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-10-04 22:18 --------- d-----w C:\Program Files\microsoft frontpage

2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-09-28 16:07 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-09-28 16:07 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-09-28 16:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll

2007-09-28 16:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe

2007-09-28 16:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe

2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll

2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-09-14 04:46 91,496 ------w C:\WINDOWS\system32\drivers\bcswap.sys

2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

.

 

((((((((((((((((((((((((((((( snapshot@2007-11-07_15.11.25.94 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-08 01:05:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_49c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 05:32]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 05:31]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 05:32]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 05:32]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"BCWipeTM Startup"="C:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" [2007-10-28 22:03]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 02:06]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-27 20:13]

"PopupAgent"="C:\Program Files\Spytech Software\Spytech PopupAgent\PopupAgent.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 07:56]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14]

"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2007-06-21 11:26]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=hplun.dll

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"RichVideo"=2 (0x2)

"ose"=3 (0x3)

"NMIndexingService"=3 (0x3)

"NBService"=3 (0x3)

"LightScribeService"=2 (0x2)

 

R1 BC_3DES;BC_3DES;C:\WINDOWS\system32\drivers\BC_3DES.sys

R1 BC_BF128;BC_BF128;C:\WINDOWS\system32\drivers\BC_BF128.sys

R1 BC_BF448;BC_BF448;C:\WINDOWS\system32\drivers\BC_BF448.sys

R1 BC_BFish;BC_BFish;C:\WINDOWS\system32\drivers\BC_BFish.sys

R1 BC_CAST;BC_CAST;C:\WINDOWS\system32\drivers\BC_CAST.sys

R1 BC_DES;BC_DES;C:\WINDOWS\system32\drivers\BC_DES.sys

R1 BC_Gost;BC_Gost;C:\WINDOWS\system32\drivers\BC_Gost.sys

R1 BC_RC6;BC_RC6;C:\WINDOWS\system32\drivers\BC_RC6.sys

R1 BC_RIJN;BC_RIJN;C:\WINDOWS\system32\drivers\BC_RIJN.sys

R1 BC_SERP;BC_SERP;C:\WINDOWS\system32\drivers\BC_SERP.sys

R1 BC_TFISH;BC_TFISH;C:\WINDOWS\system32\drivers\BC_TFISH.sys

R1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys

R1 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys

R1 fsh;fsh;C:\WINDOWS\system32\drivers\fsh.sys

R3 mhk;mhk;C:\WINDOWS\system32\drivers\mhk.sys

R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42ca2040-72cd-11dc-abaa-806d6172696f}]

\Shell\AutoRun\command - E:\AutoRun.exe

 

.

**************************************************************************

 

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-07 17:06:13

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-11-07 17:08:17 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-07 16:28

C:\ComboFix3.txt ... 2007-11-07 15:13

.

--- E O F ---

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, November 07, 2007 6:38:01 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 7/11/2007

Kaspersky Anti-Virus database records: 452683

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan Statistics:

Total number of scanned objects: 28955

Number of viruses found: 0

Number of infected objects: 0

Number of suspicious objects: 0

Duration of the scan process: 01:08:20

 

Infected Object Name / Virus Name / Last Action

 

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 6:41:37 PM, on 11/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Jetico\BestCrypt\BCResident.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\notepad.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\HJT\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9000

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [bCWipeTM Startup] "C:\Program Files\Jetico\BestCrypt\BCWipeTM.exe" startup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PopupAgent] C:\Program Files\Spytech Software\Spytech PopupAgent\PopupAgent.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://xecure.kbstar.com/xecure/xw_install_v7202.cab

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://n-protect.kbstar.com/nprotect/module/npx.cab

O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://k-defence.kbstar.com/kdfx218/kbstar/kdfense9.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: hplun.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

 

--

End of file - 6382 bytes

Edited by ricrisci


I went there and did as they said but I still cannot type in Korean. I have a Korean keyboard which has a button to toggle between English and Korean, but now when I try to use it, for the Korean only ??????????????????? appear. Before, I didn't have that little language button on the taskbar; merely by hitting the special key on the keyboard, I was able to type in Korean. Is this a hardware issue?

I still do not have back my default font for IE.

Another slightly bizarre thing is that when I go to Start - Programs, all the programs which do not have their own icon, i.e. all which use the Windows default icon, have an '8' at the end of the line. All the programs open up OK; it just looks weird. I hope it does not indicate another serious problem.


I was just trying to figure out why I cannot get the Korean fonts to work and I looked at vgaoem.fon. There is only ONE single font in there! I thought I extracted the file with all the fonts in it. This would explain why my default font has changed as well as why I cannot type in Korean. Can we fix this?

This topic is now closed to further replies.