Bloodhound.Packed.Jmp

Discussion in 'Malware and Virus Removal Archive' started by matchboi, 2008/04/13.

  1. 2008/04/13
    matchboi

    Hi team,

    My Norton AntiVirus detected Bloodhound.Packed.Jmp and deleted it, but every time I double-click to open my C or D drive, Norton keeps detecting it and deleting it. Somehow it still lingers around.

    My laptop is infected from a thumb drive which was previously plugged into a printing shop com. This is not the first time I have gotten this virus, but what I did every time was to insert the recovery CD to reformat the system. Are there other ways to remove it?

    I am not a pro with registry stuff; any step-by-step help will be greatly appreciated. Thanks!

    Matchboi
     
  2. 2008/04/13
    noahdfear

    Welcome to WindowsBBS Matchboi :)

    First download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next, please read this topic, install the latest version of HijackThis, run a scan and save the log (you can close it for now). Then, download and run Deckard's System Scanner and post BOTH the main.txt and extra.txt logs. You may be required to put them in separate posts due to character count limitations.
     

  4. 2008/04/14
    matchboi

    Hi noahd,

    Thanks for the reply. The main.txt log is below:


    Deckard's System Scanner v20071014.68
    Run by Marcus Lim on 2008-04-15 04:18:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2008-04-14 20:18:20 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Marcus Lim.exe) ------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:19:22 AM, on 4/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\DOCUME~1\MARCUS~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Marcus Lim\Desktop\dss.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Marcus Lim.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ycomp/defaults/sp/*http://sg.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe "
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe "
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe "
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe "
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe "
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207388701218
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 13162 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe ",2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys
    R1 Hotkey - c:\windows\system32\drivers\hotkey.sys
    R1 OsaFsLoc - c:\windows\system32\drivers\osafsloc.sys <Not Verified; OSA Technologies; >
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
    R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1500>
    R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
    R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
    R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys
    R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
    R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
    R3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt.sys <Not Verified; OSA Technologies; >
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

    S1 Wbutton - c:\windows\system32\drivers\wbutton.sys (file missing)
    S3 NETMNT (Acer NetMonitor Protocol) - c:\windows\system32\drivers\netmnt.sys
    S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
    S3 SI15CI - c:\elements\1stboot\blueth\si15ci.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 AWService (AdminWorks Agent X6) - "c:\acer\empowering technology\admserv.exe" <Not Verified; Avocent Inc.; Acer Empowering framework>
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-12 18:17:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2008-04-05 16:59:20 540 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Marcus Lim.job


    -- Files created between 2008-03-15 and 2008-04-15 -----------------------------

    2008-04-15 04:10:56 0 d-------- C:\Program Files\Trend Micro
    2008-04-13 21:08:17 81408 -r-hs---- C:\WINDOWS\system32\tavo1.dll
    2008-04-13 21:07:22 125952 -r-hs---- C:\WINDOWS\system32\kavo0.dll
    2008-04-13 07:12:36 118971 -r-hs---- C:\30ed3.exe
    2008-04-13 07:12:09 125952 -r-hs---- C:\WINDOWS\system32\kavo1.dll
    2008-04-13 07:11:33 108126 -r-hs---- C:\WINDOWS\system32\tavo.exe
    2008-04-13 07:10:56 118971 -r-hs---- C:\WINDOWS\system32\kavo.exe
    2008-04-11 16:40:39 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\U3
    2008-04-06 15:04:42 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Google
    2008-04-06 15:01:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-04-06 15:01:48 0 d-------- C:\Program Files\Google
    2008-04-06 14:54:21 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\AdobeUM
    2008-04-06 03:38:57 0 d-------- C:\Program Files\Windows Journal Viewer
    2008-04-05 18:52:29 0 d-------- C:\WINDOWS\pss
    2008-04-05 18:49:03 0 d-------- C:\WINDOWS\ShellNew
    2008-04-05 18:46:29 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Microsoft Web Folders
    2008-04-05 18:39:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-04-05 18:37:41 0 d-------- C:\Program Files\Common Files\Macromedia Shared
    2008-04-05 18:37:36 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Apple Computer
    2008-04-05 18:37:03 0 d-------- C:\Program Files\iPod
    2008-04-05 18:36:52 0 d-------- C:\Program Files\iTunes
    2008-04-05 18:36:38 0 d-------- C:\Program Files\Bonjour
    2008-04-05 18:35:41 0 d-------- C:\Program Files\QuickTime
    2008-04-05 18:35:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-04-05 18:35:24 0 d-------- C:\Program Files\Apple Software Update
    2008-04-05 18:34:34 0 d-------- C:\Program Files\Common Files\Apple
    2008-04-05 18:34:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-04-05 18:31:32 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Adobe
    2008-04-05 18:27:26 16384 --a------ C:\WINDOWS\system32\FileOps.exe
    2008-04-05 18:27:26 0 d-------- C:\WINDOWS\system32\Adobe
    2008-04-05 18:26:44 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Ambient Design
    2008-04-05 18:25:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2008-04-05 18:24:27 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-04-05 18:21:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
    2008-04-05 18:21:28 0 d-------- C:\Program Files\Macromedia
    2008-04-05 18:21:28 0 d-------- C:\Program Files\Common Files\Macromedia
    2008-04-05 18:20:10 0 d-------- C:\WINDOWS\Downloaded Installations
    2008-04-05 18:19:54 270336 --a------ C:\WINDOWS\system32\ARThumb.dll <Not Verified; ; ARThumb Dynamic Link Library>
    2008-04-05 18:19:52 0 d-------- C:\Program Files\Ambient Design
    2008-04-05 18:14:22 0 d--hs---- C:\Recycled
    2008-04-05 18:00:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-04-05 17:05:09 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-04-05 17:04:45 233472 --a------ C:\WINDOWS\system32\wpcap.dll <Not Verified; CACE Technologies; WinPcap high level library>
    2008-04-05 17:04:45 61440 --a------ C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
    2008-04-05 17:04:45 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll
    2008-04-05 17:04:45 81920 --a------ C:\WINDOWS\system32\packet.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
    2008-04-05 17:04:45 32512 --a------ C:\WINDOWS\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
    2008-04-05 17:04:45 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
    2008-04-05 17:04:45 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
    2008-04-05 17:04:45 0 d-------- C:\Program Files\WinPCap
    2008-04-05 17:04:33 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
    2008-04-05 17:04:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2008-04-05 17:03:52 61440 --a------ C:\WINDOWS\system32\acerGina.dll <Not Verified; acer; acer eNet Management>
    2008-04-05 17:03:28 0 d-------- C:\Documents and Settings\Marcus Lim\Bluetooth Software
    2008-04-05 17:00:18 0 d-------- C:\Program Files\WIDCOMM
    2008-04-05 16:58:48 0 d-------- C:\Program Files\CyberLink
    2008-04-05 16:58:24 0 d-------- C:\WINDOWS\Acer
    2008-04-05 16:58:24 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Macromedia
    2008-04-05 16:58:14 9867 --a------ C:\WINDOWS\system32\drivers\HOTKEY.sys
    2008-04-05 16:58:13 0 d-------- C:\Program Files\Launch Manager
    2008-04-05 16:57:46 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\ATI
    2008-04-05 16:56:52 0 d-------- C:\Program Files\Common Files\ATI Technologies
    2008-04-05 16:53:26 0 d-------- C:\Program Files\ATI Technologies
    2008-04-05 16:52:48 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Symantec
    2008-04-05 16:52:47 0 d--h----- C:\Documents and Settings\Marcus Lim\Templates
    2008-04-05 16:52:47 0 dr------- C:\Documents and Settings\Marcus Lim\Start Menu
    2008-04-05 16:52:47 0 dr-h----- C:\Documents and Settings\Marcus Lim\SendTo
    2008-04-05 16:52:47 0 dr-h----- C:\Documents and Settings\Marcus Lim\Recent
    2008-04-05 16:52:47 0 d--h----- C:\Documents and Settings\Marcus Lim\PrintHood
    2008-04-05 16:52:47 0 d--h----- C:\Documents and Settings\Marcus Lim\NetHood
    2008-04-05 16:52:47 0 dr------- C:\Documents and Settings\Marcus Lim\My Documents
    2008-04-05 16:52:47 0 d--h----- C:\Documents and Settings\Marcus Lim\Local Settings
    2008-04-05 16:52:47 0 dr------- C:\Documents and Settings\Marcus Lim\Favorites
    2008-04-05 16:52:47 0 d-------- C:\Documents and Settings\Marcus Lim\Desktop
    2008-04-05 16:52:47 0 d--hs---- C:\Documents and Settings\Marcus Lim\Cookies
    2008-04-05 16:52:47 0 dr-h----- C:\Documents and Settings\Marcus Lim\Application Data
    2008-04-05 16:52:47 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Identities
    2008-04-05 16:52:46 2883584 --ah----- C:\Documents and Settings\Marcus Lim\NTUSER.DAT
    2008-04-05 16:51:53 0 d--hs---- C:\System Volume Information
    2008-04-05 16:51:49 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
    2008-04-05 16:19:46 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-04-05 16:13:27 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Hewlett-Packard
    2008-04-05 15:55:36 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-04-05 15:54:58 0 d-------- C:\Program Files\Hewlett-Packard
    2008-04-05 15:54:02 16606 -----n--- C:\WINDOWS\hpomdl01.dat
    2008-04-05 15:54:02 19558 --a------ C:\WINDOWS\hpoins01.dat
    2008-04-05 15:53:44 0 d-------- C:\temp
    2008-04-05 15:13:10 0 d-------- C:\Documents and Settings\Marcus Lim\Contacts
    2008-04-05 15:07:23 0 d-------- C:\WINDOWS\system32\DRVSTORE
    2008-04-05 15:02:14 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-04-05 15:01:44 0 d-------- C:\Program Files\Windows Live
    2008-04-05 14:35:17 0 d-------- C:\Program Files\MSXML 4.0
    2008-04-05 14:13:08 0 d-------- C:\WINDOWS\network diagnostic
    2008-04-05 14:05:45 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-05 14:01:36 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-04-05 13:20:46 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-04-05 02:16:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-05 02:16:02 0 d-------- C:\Program Files\Yahoo!
    2008-04-05 02:14:16 67072 --a------ C:\WINDOWS\system32\HTCA_SelfExtract.bin
    2008-04-05 02:14:16 106496 --a------ C:\WINDOWS\system32\eDStoolbar.dll <Not Verified; HiTRUST; >
    2008-04-05 02:14:16 27136 --a------ C:\WINDOWS\system32\eDSshellExt.dll <Not Verified; HiTRUST; >
    2008-04-05 02:13:30 53248 --a------ C:\WINDOWS\system32\sysenv.dll <Not Verified; HiTRUST; SysEnv>
    2008-04-05 02:13:30 110592 --a------ C:\WINDOWS\system32\Outlook Addin.dll <Not Verified; HiTRUST; >
    2008-04-05 02:13:30 233472 --a------ C:\WINDOWS\system32\keyManager.dll <Not Verified; HiTRSUT; keyManager>
    2008-04-05 02:13:29 822784 --a------ C:\WINDOWS\system32\UIVCL.dll <Not Verified; HiTRUST; >
    2008-04-05 02:13:29 352256 --a------ C:\WINDOWS\system32\UI.dll <Not Verified; TODO: <???>; TODO: <???>>
    2008-04-05 02:13:29 32768 --a------ C:\WINDOWS\system32\TC_res.dll
    2008-04-05 02:13:29 984064 --a------ C:\WINDOWS\system32\ShowErrUI.dll <Not Verified; HiTRUST; >
    2008-04-05 02:13:29 61440 --a------ C:\WINDOWS\system32\ShowErrMsg.dll <Not Verified; HiTRUST; ShowErrMsg>
    2008-04-05 02:13:29 45056 --a------ C:\WINDOWS\system32\SC_res.dll
    2008-04-05 02:13:28 81920 --a------ C:\WINDOWS\system32\MSNSpook.dll <Not Verified; HiTRUST; MSNSpook Dynamic Link Library>
    2008-04-05 02:13:28 10752 --a------ C:\WINDOWS\system32\MSNChatHook.dll <Not Verified; ; MSNChatHook Dynamic Link Library>
    2008-04-05 02:13:28 57344 --a------ C:\WINDOWS\system32\LogSPWusage.dll <Not Verified; HiTRUST; LogSPWusage>
    2008-04-05 02:13:28 45056 --a------ C:\WINDOWS\system32\EN_res.dll
    2008-04-05 02:13:28 389120 --a------ C:\WINDOWS\system32\CryptoAPI.dll <Not Verified; HiTRUST; CryptoAPI>
    2008-04-05 02:13:28 53248 --a------ C:\WINDOWS\system32\APISlice.dll
    2008-04-05 02:13:28 19968 --a------ C:\WINDOWS\system32\ActiveToolBand.dll <Not Verified; HiTRUST; >
    2008-04-05 02:11:54 12 --a------ C:\WINDOWS\bthservsdp.dat
    2008-04-05 02:10:37 258048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe <Not Verified; Acer Inc.; Uninstall_eRecovery.exe>
    2008-04-05 02:08:29 0 d-------- C:\Documents and Settings\Marcus Lim\Application Data\Acer
    2008-04-05 02:08:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Acer
    2008-04-05 02:08:19 4392 --a------ C:\WINDOWS\system32\drivers\NdisFilt.sys <Not Verified; OSA Technologies; >
    2008-04-05 02:08:17 4010 --a------ C:\WINDOWS\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
    2008-04-05 02:08:17 7296 --a------ C:\WINDOWS\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
    2008-04-05 02:08:17 12106 --a------ C:\WINDOWS\system32\drivers\OsaFsLoc.sys <Not Verified; OSA Technologies; >
    2008-04-05 02:07:27 225350 --a------ C:\WINDOWS\system32\Epm-Po.dll <Not Verified; Acer Labs USA; EPM-PO Dynamic Link Library>
    2008-04-05 02:06:07 245824 -ra------ C:\WINDOWS\Instexec.exe <Not Verified; Logitech; Logitech>
    2008-04-05 02:06:04 245824 -ra------ C:\WINDOWS\system32\InstExec.exe <Not Verified; Logitech; Logitech>
    2008-04-05 02:05:57 0 d-------- C:\Program Files\Common Files\Logitech
    2008-04-05 02:05:48 0 d-------- C:\Program Files\Common Files\Acer
    2008-04-05 02:05:44 262144 --a------ C:\WINDOWS\system32\ElkCtrl.exe <Not Verified; Logitech Inc.; Logitech Camera Software>
    2008-04-05 02:05:44 57344 --a------ C:\WINDOWS\system32\ElkCtlPS.dll <Not Verified; Logitech Inc.; Logitech Camera Software>
    2008-04-05 02:05:44 319488 --a------ C:\WINDOWS\system32\CamCplRes.dll <Not Verified; Acer; Acer OrbiCam>
    2008-04-05 02:05:43 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
    2008-04-05 02:05:41 167936 --a------ C:\WINDOWS\system32\VxLib.dll <Not Verified; Acer; Acer OrbiCam>
    2008-04-05 02:05:41 151552 --a------ C:\WINDOWS\system32\VLib.dll <Not Verified; Acer; Acer OrbiCam>
    2008-04-05 02:05:38 39424 --a------ C:\WINDOWS\system32\VxLibRes.dll <Not Verified; Acer; Acer OrbiCam>
    2008-04-05 02:05:37 0 d-------- C:\Program Files\Acer
    2008-04-05 01:25:39 0 d-a------ C:\WINDOWS\Lan1
    2008-04-05 01:24:49 0 d-a------ C:\WINDOWS\LAN
    2008-04-05 00:51:45 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
    2008-04-05 00:51:45 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities


    -- Find3M Report ---------------------------------------------------------------

    Nothing modified in this timespan.


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 01:56 PM]
    "preload"="C:\Windows\RUNXMLPL.exe" [05/19/2005 05:09 PM]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/16/2005 04:32 PM]
    "RTHDCPL"="RTHDCPL.EXE" [12/19/2005 02:52 PM C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 10:19 PM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/10/2004 04:00 AM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/10/2004 04:00 AM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/10/2004 04:00 AM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/10/2004 04:00 AM]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [01/02/2006 05:41 PM]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [07/25/2005 01:36 PM]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [04/20/2006 11:26 AM]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [09/16/2003 02:28 PM]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [07/25/2005 10:45 AM]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [04/20/2006 09:23 AM]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [08/10/2004 04:00 AM C:\WINDOWS\system32\bthprops.cpl]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [06/23/2006 10:39 AM]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [04/14/2006 05:42 PM]
    "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [01/20/2006 03:56 PM]
    "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [10/24/2005 04:45 PM]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [01/24/2006 06:00 PM]
    "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [06/26/2006 03:47 PM]
    "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [06/26/2006 03:55 PM]
    "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [11/01/2004 06:22 PM]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [12/27/2005 03:50 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 04:00 AM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/13/2008 12:16 AM]
    "kava"="C:\WINDOWS\system32\kavo.exe" [04/13/2008 08:55 PM]
    "tava"="C:\WINDOWS\system32\tavo.exe" [04/15/2008 03:38 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [1/17/2006 10:45:32 AM]
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/9/2003 6:11:12 PM]
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/9/2003 6:21:38 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 8:05:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    *Newly Created Service* - INT15.SYS



    -- End of Deckard's System Scanner: finished at 2008-04-15 04:20:01 ------------
     
  5. 2008/04/14
    matchboi

    The below is extra.txt:


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
    CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
    Percentage of Memory in Use: 30%
    Physical Memory (total/avail): 2046.11 MiB / 1423.93 MiB
    Pagefile Memory (total/avail): 3937.97 MiB / 3327.84 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1915.84 MiB

    C: is Fixed (FAT32) - 53.2 GiB total, 37.32 GiB free.
    D: is Fixed (FAT32) - 53.68 GiB total, 19.95 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 3 partitions
    \PARTITION0 - Unknown - 4.89 GiB
    \PARTITION1 (bootable) - Unknown - 53.21 GiB - C:
    \PARTITION2 - Unknown - 53.69 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: Norton Internet Worm Protection v2006 (Symantec)
    AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Marcus Lim\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=ACER-47253A5CC0
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Marcus Lim
    LOGONSERVER=\\ACER-47253A5CC0
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\MARCUS~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\MARCUS~1\LOCALS~1\Temp
    USERDOMAIN=ACER-47253A5CC0
    USERNAME=Marcus Lim
    USERPROFILE=C:\Documents and Settings\Marcus Lim
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Marcus Lim (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acer eDataSecurity Management 1.00.26 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x9 -removeonly
    Acer eLock Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
    Acer Empowering Technology framework --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
    Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
    Acer ePerformance Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
    Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
    Acer ePresentation Management --> C:\WINDOWS\UnInst32.exe AcerePrj.UNI
    Acer eSettings Management --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
    Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
    Acer OrbiCam Driver --> "C:\Program Files\Common Files\Acer\OrbiCam\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l0409
    Acer OrbiCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\setup.exe" -l0x9
    Acer Screensaver --> MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    ArtRage 2.2 --> "C:\Program Files\Ambient Design\ArtRage 2\unins000.exe"
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center --> MsiExec.exe /I{13E582CE-E439-4446-A0AE-0F1F07CD2ED5}
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI Parental Control & Encoder --> MsiExec.exe /I{90437E5F-0A9E-4B63-AD8B-D232897D18BF}
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
    GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10250093\HXFSETUP.EXE -U -IGraS1025.inf
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
    HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
    HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
    hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
    Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
    Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    Launch Manager V1.1.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\Setup.exe" -l0x9
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
    mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
    Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
    mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
    Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
    Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
    Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
    NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
    Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
    SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1033
    Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
    Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\common\unyt.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type550 / Warning
    Event Submitted/Written: 04/11/2008 01:09:39 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature' failed during request for component '{A4AD656D-72E9-43A7-9DD0-E5F6AF438E72}'

    Event Record #/Type549 / Warning
    Event Submitted/Written: 04/11/2008 01:09:39 AM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature', component '{9F47ECA8-A740-EC80-1AE2-C48048D83AA4}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Journal Viewer\' does not exist.

    Event Record #/Type548 / Warning
    Event Submitted/Written: 04/11/2008 01:09:38 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature' failed during request for component '{A4AD656D-72E9-43A7-9DD0-E5F6AF438E72}'

    Event Record #/Type547 / Warning
    Event Submitted/Written: 04/11/2008 01:09:38 AM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature', component '{9F47ECA8-A740-EC80-1AE2-C48048D83AA4}' failed. The resource 'HKEY_CURRENT_USER\Software\Microsoft\Journal Viewer\' does not exist.

    Event Record #/Type546 / Warning
    Event Submitted/Written: 04/11/2008 01:09:38 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{43DCF766-6838-4F9A-8C91-D92DA586DFA8}', feature 'DefaultFeature' failed during request for component '{A4AD656D-72E9-43A7-9DD0-E5F6AF438E72}'



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type1285 / Warning
    Event Submitted/Written: 04/15/2008 03:37:22 AM / 04/15/2008 03:37:49 AM
    Event ID/Source: 4 / b57w2k
    Event Description:
    Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

    Event Record #/Type1272 / Error
    Event Submitted/Written: 04/13/2008 11:48:13 PM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer SHANEE-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EE6968FD-B5F6-465B.
    The master browser is stopping or an election is being forced.

    Event Record #/Type1271 / Warning
    Event Submitted/Written: 04/13/2008 11:37:51 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    The browser was unable to retrieve a list of servers from the browser master \\SHANEE-PC on the network \Device\NetBT_Tcpip_{EE6968FD-B5F6-465B-9B9D-CF20A25AED21}.
    The data is the error code.

    Event Record #/Type1222 / Warning
    Event Submitted/Written: 04/13/2008 09:06:24 PM / 04/13/2008 09:06:51 PM
    Event ID/Source: 4 / b57w2k
    Event Description:
    Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

    Event Record #/Type1172 / Warning
    Event Submitted/Written: 04/13/2008 08:53:42 PM / 04/13/2008 08:54:10 PM
    Event ID/Source: 4 / b57w2k
    Event Description:
    Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.



    -- End of Deckard's System Scanner: finished at 2008-04-15 04:20:01 ------------

    Hope to hear from you soon, thanks so much!
     
  6. 2008/04/14
    noahdfear

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  7. 2008/04/17
    matchboi

    Hi noah,

    Thanks so much for your patience. My laptop is fine already. I didn't know what happened that day, when my Windows could not boot because of a missing or corrupted hal.dll file. I put in my recovery disc, and it could neither restore nor reformat my C: drive. So I borrowed a Win XP from my friend to reinstall, followed by reformatting it once more with my recovery CD. Now it's totally fine already.

    As I often need to go to the print shop to print my work, is there any advice from you to prevent infection again? Is there any free antivirus software better than Norton? Because apparently, the AV can't detect the previous infection I got.

    Best Regards,
    Matchboi
     
  8. 2008/04/17
    noahdfear

    Avast! and AVG are widely used.
     
