Combofix"Michael" - 2007-07-04 13:00:49 - ComboFix 07-07-03.9 - Service Pack 2 [color=\"red\"]
FAT32 [/color]
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\nnnoolj.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP\F7B65412.TMP
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Common Files\mcroso~1.net\l?ass.exe
C:\Program Files\icroso~1.net
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\sembly~1
C:\Program Files\sembly~1\mmc.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\uwiv.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\wpcap.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))
2007-07-04 13:02 40,183 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-07-04 13:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 12:39 <DIR> d-------- C:\VundoFix Backups
2007-07-04 00:35 <DIR> d-------- C:\HJT
2007-07-03 23:47 <DIR> d-------- C:\DOCUME~1\Michael\APPLIC~1\Windows Desktop Search
2007-07-03 23:30 <DIR> d-------- C:\Program Files\Windows Desktop Search
2007-06-27 23:30 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-06-27 23:25 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-06-27 23:25 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-06-27 23:25 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-06-27 23:25 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-06-27 23:24 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-06-27 22:56 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2007-06-27 22:56 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-06-27 22:56 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-06-27 22:56 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-06-27 22:56 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-06-27 22:56 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2007-06-27 22:56 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-06-27 22:56 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-06-27 22:56 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-06-27 22:56 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-27 22:56 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2007-06-27 22:56 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-06-27 22:56 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-27 22:56 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-06-27 22:56 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-06-27 22:56 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-06-27 22:56 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-06-27 22:56 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-06-27 22:56 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-06-27 22:56 <DIR> d-------- C:\WINDOWS\system32\RMBin
2007-06-25 18:19 <DIR> d-------- C:\TI-89 games
2007-06-20 18:44 22,016 --------- C:\WINDOWS\system32\winzoa32.dll
2007-06-20 18:29 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-06-20 18:29 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-06-20 18:19 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-06-20 18:19 <DIR> d-------- C:\Program Files\Replay Converter
2007-06-19 18:50 <DIR> d-------- C:\WINDOWS\BBSTORE
2007-06-19 18:47 298,496 --a------ C:\WINDOWS\uninst.exe
2007-06-19 16:31 <DIR> d-------- C:\PowerISO
2007-06-14 20:48 90,800 -ra------ C:\WINDOWS\system32\drivers\se27unic.sys
2007-06-14 20:48 4,128 -ra------ C:\WINDOWS\system32\drivers\se27cr.sys
2007-06-14 20:47 88,688 -ra------ C:\WINDOWS\system32\drivers\SE27mgmt.sys
2007-06-14 20:47 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cmnt.sys
2007-06-14 20:47 6,240 -ra------ C:\WINDOWS\system32\drivers\SE27cm.sys
2007-06-14 20:45 61,600 -ra------ C:\WINDOWS\system32\drivers\SE27bus.sys
2007-06-14 20:45 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27whnt.sys
2007-06-14 20:45 5,872 -ra------ C:\WINDOWS\system32\drivers\SE27wh.sys
2007-06-07 22:04 <DIR> d-------- C:\Downloads
2007-06-07 15:44 <DIR> d--hs---- C:\FOUND.004
2007-06-06 17:28 <DIR> d-------- C:\mIRC
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-02 02:27:36 -------- d-----w C:\DOCUME~1\Michael\APPLIC~1\SlySoft
2007-06-02 02:26:20 -------- d-----w C:\Program Files\SlySoft
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-10 12:43:10 -------- d-----w C:\Program Files\Common Files\SWF Studio
2007-05-02 21:55:06 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-05-01 15:35:12 146,432 --sh--w C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 06:47:48 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 12:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 12:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-11 06:52:02 188 ----a-w C:\WINDOWS\system32\eDataSecurity.dat
2007-04-05 02:16:40 626,688 ----a-w C:\WINDOWS\system32\msvcr80.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{306EF39A-EDEB-4AEE-B60A-24224BA95419}]
C:\WINDOWS\system32\awtqo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 03:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2002-08-20 00:50 112248 --a------ C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 03:43 C:\WINDOWS\Alcmtr.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 17:38]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Bwer"="C:\PROGRA~1\SEMBLY~1\mmc.exe" []
"Sohoh"="C:\Program Files\Common Files\M?crosoft.NET\l?ass.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39]
"{634C7583-74C6-4FEF-BD06-9721761A6815}"="C:\WINDOWS\system32\nnnoolj.dll" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoolj]
nnnoolj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzoa32]
winzoa32.dll
Contents of the 'Scheduled Tasks' folder
2007-06-29 07:59:10 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
2007-06-29 10:21:44 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
2007-07-04 03:10:34 C:\WINDOWS\tasks\Symantec NetDetect.job
**************************************************************************
catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer,
http://www.gmer.netRootkit scan 2007-07-04 13:09:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-04 13:11:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 13:11
--- E O F ---
VundofixVundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 12:39:45 PM 4/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\etvfxkdy.dll
C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\qwnpymwe.dll
C:\WINDOWS\system32\xxyabcc.dll
C:\windows\system32\ydkxfvte.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\etvfxkdy.dll
C:\WINDOWS\system32\etvfxkdy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqtwa.bak1
C:\WINDOWS\system32\oqtwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqtwa.bak2
C:\WINDOWS\system32\oqtwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\qwnpymwe.dll
C:\WINDOWS\system32\qwnpymwe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xxyabcc.dll
C:\WINDOWS\system32\xxyabcc.dll Could not be deleted.
Attempting to delete C:\windows\system32\ydkxfvte.ini
C:\windows\system32\ydkxfvte.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\xxyabcc.dll
C:\WINDOWS\system32\xxyabcc.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 12:56:43 PM 4/07/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.4
Checking Java version...
Scan started at 1:04:20 PM 8/07/2007
Listing files found while scanning....
C:\windows\system32\coswglwp.ini
C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.tmp
C:\windows\system32\khffghe.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\pmkqvqbd.dll
C:\windows\system32\pwlgwsoc.dll
C:\windows\system32\spvhbfqx.ini
C:\WINDOWS\system32\xqfbhvps.dll
Beginning removal...
Attempting to delete C:\windows\system32\coswglwp.ini
C:\windows\system32\coswglwp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.bak1
C:\WINDOWS\system32\hjjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\hjjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjjlm.tmp
C:\WINDOWS\system32\hjjlm.tmp Has been deleted!
Attempting to delete C:\windows\system32\khffghe.dll
C:\windows\system32\khffghe.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkqvqbd.dll
C:\WINDOWS\system32\pmkqvqbd.dll Has been deleted!
Attempting to delete C:\windows\system32\pwlgwsoc.dll
C:\windows\system32\pwlgwsoc.dll Has been deleted!
Attempting to delete C:\windows\system32\spvhbfqx.ini
C:\windows\system32\spvhbfqx.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\xqfbhvps.dll
C:\WINDOWS\system32\xqfbhvps.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\khffghe.dll
C:\windows\system32\khffghe.dll Has been deleted!
Performing Repairs to the registry.
Done!
Hijack ThisLogfile of HijackThis v1.99.1
Scan saved at 3:23:52 PM, on 5/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\TEMP\win32.tmp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\DOCUME~1\Michael\MYDOCU~1\MCROSO~1\userinit.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\jre-6u1-windows-i586-p-iftw_fa96d0d7.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\Jason.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://global.acer.comO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {126A15F8-896E-DEEF-1A63-8A8DB024D3C1} - C:\WINDOWS\system32\xsv.dll
O2 - BHO: (no name) - {306EF39A-EDEB-4AEE-B60A-24224BA95419} - C:\WINDOWS\system32\awtqo.dll (file missing)
O2 - BHO: (no name) - {634C7583-74C6-4FEF-BD06-9721761A6815} - C:\WINDOWS\system32\xxyvvvt.dll
O2 - BHO: (no name) - {70B687A9-4087-4E13-B2A3-AEC6CF11EEE9} - C:\WINDOWS\system32\pmkjk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win32.tmp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\axirtsla.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Bwer] "C:\DOCUME~1\Michael\MYDOCU~1\MCROSO~1\userinit.exe" -vt yazb
O4 - HKCU\..\Run: [Sohoh] "C:\Program Files\Common Files\M?crosoft.NET\l?ass.exe"
O4 - HKCU\..\Run: [Kod] C:\WINDOWS\Tasks\n?tepad.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\AMV Convert Tool 3.70\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: nnnoolj - nnnoolj.dll (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll
O20 - Winlogon Notify: xxyvvvt - C:\WINDOWS\SYSTEM32\xxyvvvt.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
