Micro AV aftermath (lag and missing files)
m3owie (Newbie)
6. October 2008 @ 01:02
Hi, my computer just got infected recently by the Micro AV trojan. I followed the steps mentioned in some of the threads to remove it. I think I've managed to remove all of it. However, it seems that there's an opvapp.exe error: it fails to start up and the reason given is that MFC80.DLL is missing.

I am using a Fujitsu tablet and running Vista. My computer seems to be laggy after the trojan incident too. I used Spyware Doctor and Malwarebytes to fix the trojan. I've run TuneUp Utilities, ZoneAlarm Internet Security and Norman Anti-Virus. My Hotmail keeps getting an error too. I can't click anything in it, but there are no problems with other websites. Can anyone help me?

Edit: my uTorrent and Live Messenger hang frequently now.

Here are my HijackThis and ComboFix logs.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:56 PM, on 6/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\VM331_STI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Aculearn\AcuCONFERENCE5\AcuStudio.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Program Files\Fujitsu\Utils\FjLidMon.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hk.fujitsu.com/pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe
O4 - HKLM\..\Run: [SSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [PSUtility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [AcuHelper] C:\Program Files\Aculearn\AcuCONFERENCE5\AcuStudio.exe "mini"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - c:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10374 bytes




ComboFix 08-10-05.05 - Wai Hon 2008-10-06 12:25:12.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1398 [GMT 8:00]
Running from: C:\Users\Wai Hon\Computer Application\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 04:26 7,497,760 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-10-06 04:24 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\uTorrent
2008-10-06 04:20 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\aculearn
2008-10-06 03:40 --------- d---a-w C:\ProgramData\TEMP
2008-10-06 03:40 --------- d-----w C:\Program Files\Spyware Doctor
2008-10-06 03:05 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\WTablet
2008-10-06 03:02 349,222 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-10-06 02:59 0 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-10-05 16:24 --------- d-----w C:\ProgramData\MailFrontier
2008-10-05 16:23 --------- d-----w C:\Program Files\Zone Labs
2008-10-05 16:20 --------- d-----w C:\ProgramData\CheckPoint
2008-10-05 16:01 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-10-05 16:01 --------- d-----w C:\ProgramData\TuneUp Software
2008-10-05 16:01 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-05 16:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 15:50 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\TuneUp Software
2008-10-04 04:00 --------- d-----w C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-04 04:00 --------- d-----w C:\Program Files\iTunes
2008-10-04 04:00 --------- d-----w C:\Program Files\iPod
2008-10-04 03:58 --------- d-----w C:\Program Files\QuickTime
2008-10-04 03:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-04 03:49 --------- d-----w C:\Program Files\Bonjour
2008-10-04 03:03 --------- d-----w C:\ProgramData\PC Tools
2008-10-04 03:02 --------- d-----w C:\Program Files\Norman
2008-10-03 18:24 --------- d-----w C:\Program Files\Trend Micro
2008-10-03 17:55 51,520 ----a-w C:\Windows\system32\drivers\TfFsMon.sys
2008-10-03 17:55 38,208 ----a-w C:\Windows\system32\drivers\TfSysMon.sys
2008-10-03 17:55 33,088 ----a-w C:\Windows\system32\drivers\TfNetMon.sys
2008-10-03 17:55 12,608 ----a-w C:\Windows\system32\drivers\TfKbMon.sys
2008-10-02 14:45 --------- d-----w C:\Program Files\RogueRemover PRO
2008-10-02 13:37 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-10-02 13:36 160,792 ----a-w C:\Windows\system32\drivers\pctfw2.sys
2008-10-02 13:17 --------- d-----w C:\ProgramData\sxwpexol
2008-10-02 11:17 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\PC Tools
2008-10-02 10:55 2,014 ---h--r C:\Windows\system32\drivers\hosts
2008-10-02 10:55 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\Download Manager
2008-10-02 10:50 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\Malwarebytes
2008-10-02 10:50 --------- d-----w C:\ProgramData\Malwarebytes
2008-10-02 10:50 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-01 15:55 --------- d-----w C:\Program Files\uTorrent
2008-09-25 05:16 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\Apple Computer
2008-09-25 05:11 --------- d-----w C:\Program Files\Safari
2008-09-25 04:56 --------- d-----w C:\ProgramData\Apple Computer
2008-09-24 07:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-23 10:47 --------- d-----w C:\Program Files\YAWLE
2008-09-23 10:46 729,088 ----a-w C:\Windows\iun6002.exe
2008-09-18 02:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-09 16:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 16:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-29 10:59 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\Intel
2008-08-29 02:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 01:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-28 03:35 --------- d-----w C:\ProgramData\FLEXnet
2008-08-28 03:33 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-08-26 14:21 --------- d-----w C:\Program Files\Apple Software Update
2008-08-26 07:35 --------- d-----w C:\Program Files\Matroska Pack
2008-08-25 03:36 81,288 ----a-w C:\Windows\system32\drivers\iksyssec.sys
2008-08-25 03:36 66,952 ----a-w C:\Windows\system32\drivers\iksysflt.sys
2008-08-25 03:36 40,840 ----a-w C:\Windows\system32\drivers\ikfilesec.sys
2008-08-24 04:51 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-08-24 04:23 0 ---ha-w C:\Windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-08-24 04:23 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\NSeries
2008-08-24 04:23 --------- d-----w C:\ProgramData\PC Suite
2008-08-21 14:23 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\DivX
2008-08-21 14:22 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\vlc
2008-08-21 14:22 --------- d-----w C:\Program Files\VideoLAN
2008-08-21 14:18 --------- d-----w C:\Program Files\DivX
2008-08-21 14:18 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-08-21 14:13 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\Media Player Classic
2008-08-21 12:42 294,288 ----a-w C:\Windows\system32\drivers\vsdatant.sys
2008-08-21 12:41 72,592 ----a-w C:\Windows\zllsputility.exe
2008-08-21 12:41 1,221,008 ----a-w C:\Windows\System32\zpeng25.dll
2008-08-20 10:48 --------- d-----w C:\Program Files\Windows Live
2008-08-19 07:24 --------- d-----w C:\Program Files\BitComet
2008-08-17 12:46 --------- d-----w C:\ProgramData\Messenger Plus!
2008-08-17 07:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-16 03:20 --------- d-----w C:\Program Files\Nokia
2008-08-14 14:43 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 14:33 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-08-14 14:17 --------- d-----w C:\ProgramData\Nokia
2008-08-14 14:17 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-14 14:10 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\Nokia
2008-08-14 14:00 --------- d-----w C:\ProgramData\Installations
2008-08-14 13:57 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\PC Suite
2008-08-14 13:56 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-14 13:20 --------- d-----w C:\ProgramData\Apple
2008-08-14 13:16 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-14 13:12 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-14 13:08 0 ----a-w C:\Windows\system32\drivers\FUJITSU_T5010_WVIBUS.MKR
2008-08-14 13:03 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-14 13:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-14 12:58 --------- d-----w C:\ProgramData\WLInstaller
2008-08-14 12:23 --------- d-----w C:\Program Files\Microsoft Works
2008-08-14 12:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-14 12:11 --------- d-----w C:\Program Files\FLV Player
2008-08-14 11:42 --------- d-----w C:\ProgramData\CyberLink
2008-08-14 11:41 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\CyberLink
2008-08-14 11:19 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\Blackboard
2008-08-14 11:16 --------- d-----w C:\Users\Wai Hon\AppData\Roaming\ArcSoft
2008-08-14 11:10 --------- d-----w C:\ProgramData\PCDr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [X]
"331BigDog"="C:\Windows\VM331_STI.EXE" [2008-05-06 290816]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2008-06-06 3010560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-23 145944]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-23 170520]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updatenv.exe" [2007-08-03 167936]
"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-15 193832]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-08 97072]
"FjStrtAp"="c:\Program Files\Fujitsu\Utils\FjStrtAp.exe" [2008-04-09 20480]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-02-01 88616]
"PSUtility"="c:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [2008-02-01 136488]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"AcuHelper"="C:\Program Files\Aculearn\AcuCONFERENCE5\AcuStudio.exe" [2008-01-03 726320]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-03-15 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35010A76-1F9B-4A8D-B1E8-E1E8B790CDFF}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{2459B4FF-BF80-4620-80C0-603B2ECA22FF}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{2D5C7F8C-057E-4550-AAB5-442EE38C12E1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{35E98B22-E373-4279-9D30-F7A381FF6AF1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0003638F-3A6D-4D20-857D-5FECED919751}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7ACB6F22-47DF-45E1-8A0E-68F11BE1A586}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{36C45194-2E81-4283-AD81-D6BE4EEAF999}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2B389331-3945-4D06-8F79-C2890E2E2BFA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FAC87882-811F-40A4-93BE-72423469FF3D}"= UDP:11044:BitComet 11044 TCP
"{F06D51E4-CCB6-4FFA-B3F2-C15DBA4AC133}"= TCP:11044:BitComet 11044 UDP
"{4D4F24D7-07C8-4AB3-8C1E-88AB9ACCACD5}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D2445C70-8515-4886-B157-7E589FF48AC6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F623D423-5305-45F8-A833-1C244DF0EC41}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{31989FF6-FF49-4B7E-A884-D30FCDD19075}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D9A00F75-4AEE-411F-839D-6BD0F9D967C2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B68D56F7-79D1-4D30-B8A9-F339F6BBE71A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B08D3C23-0130-458A-99D1-99B2B10A685A}"= UDP:55555:uTorrent_PORT_TCP
"{232A3041-9F7E-417C-9A8F-0F555032BA25}"= UDP:6881:Utorrent1_TCP
"{ECF181D3-03A1-4112-BF57-00816710C6D1}"= TCP:6881:Utorrent1_UDP
"{AAD91E4B-9536-4A99-AB46-B01B56A30B00}"= UDP:6882:Utorrent2_TCP
"{F9E6F0D5-2844-4C20-9F46-633DB4E1440E}"= TCP:6882:Utorrent2_UDP
"{BDD4963F-2C5A-46DD-BDB1-91796410E857}"= UDP:6883:Utorrent3_TCP
"{443E4E2B-7523-4643-A8EA-66BE8AF92142}"= TCP:6883:Utorrent3_UDP
"{0EC513C5-CD4E-4709-B5CC-BCB5469E10DA}"= UDP:6884:Utorrent4_TCP
"{E2DF99E5-2423-4CFF-A8FE-FD5B04CC9AAE}"= TCP:6884:UTorrent4_UDP
"{1C9D6799-5771-4A7A-900F-0383879B842D}"= UDP:6885:Utorrent5_TCP
"{B2F51022-D4D3-4B53-8B9F-2B7071B6FB1B}"= TCP:6885:Utorrent5_UDP
"{8C743E64-0010-4745-B6F5-8C8541F016B4}"= UDP:6886:Utorrent6_TCP
"{F507DF02-8EE0-4309-9B0A-B8AA7539A322}"= TCP:6886:Utorrent6_UDP
"{031E13DD-AB4C-4C09-90C7-A1B093B25F92}"= UDP:6887:Utorrent7_TCP
"{364E47E1-4CD3-4AD5-98D8-A3E41798B9E6}"= TCP:6887:Utorrent7_UDP
"{F2198013-C4F5-4533-B3E4-82ABD81F8FFF}"= UDP:6888:Utorrent8_TCP
"{5594E460-9155-48E8-8FE4-12E0E3BBBD32}"= TCP:6888:UTorrent8_UDP
"{FA422BF9-A99E-4E2F-9B6D-032CD43A070F}"= UDP:6889:Utorrent9_TCP
"{44F76804-CD4D-4B7F-81F3-87EA0BB85498}"= TCP:6889:Utorrent9_UDP
"{6C1CBD3E-9EF7-4BDA-9166-829F629C1700}"= TCP:55555:Utorrent_PORT_UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 FJGSDisk;G-Sensor Application Filter Driver;C:\Windows\system32\DRIVERS\FJGSDisk.sys [2008-06-25 12712]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys [2008-10-04 51520]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys [2008-10-04 38208]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-10-02 160792]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-02-23 104960]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\AtService.exe [2008-05-15 1172728]
R2 FJSPA;FJSPA;C:\Program Files\Fujitsu\FJSPA\FJSPA.sys [2006-12-08 17712]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\Program Files\Fujitsu\PSUtility\PSUService.exe [2008-02-01 62760]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2008-05-01 3032360]
R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\updnavi\updnvsrv.exe [2007-08-03 11264]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys [2008-05-15 475520]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y6032.sys [2008-03-27 224384]
R3 Fjbtndrv;Fujitsu Button Driver;C:\Windows\system32\DRIVERS\FjBtnDrv.sys [2008-03-02 18944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-02-05 47448]
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2008-01-21 41560]
R3 TfNetMon;TfNetMon;C:\Windows\system32\drivers\TfNetMon.sys [2008-10-04 33088]
R3 vm331avs;VC0334 USB2.0 Digital Camera;C:\Windows\system32\Drivers\vm331avs.sys [2008-05-06 972032]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2008-01-15 13480]
R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 WISDPen;Wacom Penabled MiniDriver;C:\Windows\system32\DRIVERS\wisdpen.sys [2008-03-27 30888]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
S3 ThreatFire;ThreatFire;C:\Program Files\Spyware Doctor\TFEngine\TFService.exe service [ ]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-10-06 355584]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{845720e0-69f1-11dd-b0fd-00037aa25d81}]
\shell\AutoRun\command - F:\Launch.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - KLIF
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-10-05 C:\Windows\Tasks\User_Feed_Synchronization-{AB977702-5B7D-490E-B0FD-5E3254044141}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-21 10:25]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Wai Hon\AppData\Roaming\Mozilla\Firefox\Profiles\3oii4pf9.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 12:28:01
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Softex\OmniPass\SCUREDLL.dll
.
Completion time: 2008-10-06 12:30:18
ComboFix-quarantined-files.txt 2008-10-06 04:30:02
ComboFix2.txt 2008-10-03 12:33:17
ComboFix3.txt 2008-10-03 12:18:28
ComboFix4.txt 2008-10-02 13:34:38
ComboFix5.txt 2008-10-06 04:22:56

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 49,115,017,216 bytes free

276 --- E O F --- 2008-09-26 02:16:22



My ComboFix quarantined files log:


2008-09-28 21:55:22 3,262 C:\Qoobox\Quarantine\C\Windows\System32\1.ico.vir
2008-10-02 12:04:16 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-10-02 12:04:16 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-10-02 12:04:16 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-10-02 13:23:45 1,280 C:\Qoobox\Quarantine\Registry_backups\Service_nsesvc.reg.dat
2008-10-02 13:33:50 868 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ANTIVIRUS.reg.dat
2008-10-03 12:23:08 1,050 C:\Qoobox\Quarantine\Registry_backups\Legacy_MCHINJDRV.reg.dat
2008-10-06 04:27:25 6,150 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-06 04:27:49 162 C:\Qoobox\Quarantine\catchme.log

This message has been edited since posting. Last time this message was edited on 6. October 2008 @ 05:55

Senior Member
6. October 2008 @ 08:29
Hi m3owie

Please follow the instructions on this page:

http://forums.majorgeeks.com/showthread.php?t=147786

Best Regards :D

Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

m3owie (Newbie)
6. October 2008 @ 09:23
Thanks for the help. I've done as you said. My Hotmail still has an error though. The error is '___classes undefined'.

And I noticed that on my desktop, there's 'Test Mode' displayed in the four corners.
Senior Member
6. October 2008 @ 09:42

