Hi, my computer just got infected recently by the Micro AV trojan. I followed the steps mentioned in some of the threads to remove it. I think I've managed to remove all of it. However, it seems that there's an opvapp.exe error. It fails to start up and the reason given is that MFC80.DLL is missing. I am using a Fujitsu tablet and running on Vista. My computer seems to be laggy after the trojan incident too. I used Spyware Doctor and Malwarebytes to fix the trojan. I've run TuneUp Utilities, ZoneAlarm Internet Security and Norman antivirus. My Hotmail keeps getting an error too. I can't click anything in it, but there are no problems with other websites. Can anyone help me? Edit: my uTorrent and Live Messenger hang frequently now. Here are my HijackThis and ComboFix logs.
my combofix quarantined files log
Hi m3owie,
Please follow the instructions on this page: http://forums.majorgeeks.com/showthread.php?t=147786
Best Regards
Thanks for the help. I've done as you said. My Hotmail still has an error though. The error is '___classes undefined'. And I noticed that on my desktop, there's 'Test Mode' displayed in the four corners.
Hey m3owie,
Look at these two websites:
http://forums.mydigitallife.info/showthread.php?t=2402
http://www.microsoft.com/communitie...31a-8374-a8037de637eb&lang=en&cr=US&sloc=&p=1
Best Regards