I did everything step by step and here are the logs. (Thanks again, by the way!)
otmoveit log
DllUnregisterServer procedure not found in C:\Windows\system32\opnopNDV.dll
C:\Windows\system32\opnopNDV.dll NOT unregistered.
File move failed. C:\Windows\system32\opnopNDV.dll scheduled to be moved on reboot.
File/Folder C:\Program Files\RKFree not found.
< Purity >
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05172008_191444
Files moved on Reboot...
DllUnregisterServer procedure not found in C:\Windows\system32\opnopNDV.dll
C:\Windows\system32\opnopNDV.dll NOT unregistered.
File move failed. C:\Windows\system32\opnopNDV.dll scheduled to be moved on reboot.
combofix log
ComboFix 08-05-15.3 - TIM 2008-05-17 19:27:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1115 [GMT -5:00]
Running from: C:\Users\TIM\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\POPMENU.BAT
C:\Windows\system32\adssite-remove.exe
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\fbhvdact.ini
C:\Windows\system32\nfafurny.ini
C:\Windows\system32\opnopNDV.dll
C:\Windows\system32\packet.dll
C:\Windows\system32\pthreadVC.dll
C:\Windows\system32\rightonadz-uninst.exe
C:\Windows\System32\VDNponpo.ini
C:\Windows\System32\VDNponpo.ini2
C:\Windows\System32\vunduydm.ini
C:\Windows\System32\VvuBayay.ini
C:\Windows\System32\VvuBayay.ini2
C:\Windows\system32\wanpacket.dll
C:\Windows\system32\wpcap.dll
C:\Windows\System32\XbIjPXbc.ini
C:\Windows\System32\XbIjPXbc.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-17 19:13 . 2008-05-17 19:13 <DIR> d-------- C:\_OTMoveIt
2008-05-17 10:17 . 2008-05-17 10:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 00:36 . 2008-05-17 00:35 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-05-17 00:35 . 2008-05-17 09:12 <DIR> d-------- C:\Users\TIM\.housecall6.6
2008-05-16 23:55 . 2008-05-16 23:55 <DIR> d-------- C:\VundoFix Backups
2008-05-16 21:04 . 2008-05-16 21:04 <DIR> d-a------ C:\Users\All Users\rkfree
2008-05-16 21:04 . 2008-05-16 21:04 <DIR> d-a------ C:\ProgramData\rkfree
2008-05-16 19:54 . 2008-05-16 20:11 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-05-16 19:54 . 2008-05-16 20:11 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-05-16 19:54 . 2008-05-16 20:11 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-05-16 19:34 . 2008-05-16 19:34 <DIR> d-------- C:\Users\All Users\Avg7
2008-05-16 19:34 . 2008-05-16 19:34 <DIR> d-------- C:\ProgramData\Avg7
2008-05-16 10:51 . 2008-05-16 10:52 317,824 --a------ C:\Windows\System32\cbXPjIbX.dll
2008-05-16 09:44 . 2008-05-16 09:44 317,824 --a------ C:\Windows\System32\yayaBuvV.dll
2008-05-15 23:33 . 2008-05-16 09:39 297 --a------ C:\Windows\wininit.ini
2008-05-15 22:36 . 2008-05-15 19:02 94,208 --a------ C:\Windows\exnk.exe
2008-05-07 14:41 . 2008-05-11 07:26 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-07 14:41 . 2008-05-07 14:41 1,409 --a------ C:\Windows\QTFont.for
2008-05-05 20:47 . 2005-11-15 20:42 122,880 --a------ C:\Windows\System32\rapi.dll
2008-05-04 22:35 . 2008-05-04 22:35 16 --a------ C:\Windows\popcinfo.dat
2008-05-01 16:46 . 2008-05-17 00:30 <DIR> d-------- C:\Users\All Users\Zylom
2008-05-01 16:46 . 2008-05-17 00:30 <DIR> d-------- C:\ProgramData\Zylom
2008-04-29 22:50 . 2008-04-29 22:50 <DIR> d-------- C:\Users\All Users\SugarGames
2008-04-29 22:50 . 2008-04-29 22:50 <DIR> d-------- C:\ProgramData\SugarGames
2008-04-24 03:45 . 2008-04-24 03:45 0 --a------ C:\Windows\System32\tviresource.val
2008-04-24 03:44 . 2008-04-24 03:44 <DIR> d-------- C:\Windows\TweakVI
2008-04-23 08:48 . 2008-04-23 08:52 <DIR> d--h----- C:\Windows\Icons
2008-04-23 00:42 . 2008-04-23 00:42 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-22 23:54 . 2008-04-22 23:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-22 20:04 . 2008-04-22 20:04 <DIR> d-------- C:\PerfLogs
2008-04-22 19:49 . 2008-04-22 19:34 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-04-22 19:49 . 2008-04-22 19:34 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-04-22 19:41 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-04-22 19:41 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-04-22 19:37 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-04-22 19:34 . 2008-04-22 19:50 196,608 --a------ C:\Windows\SPInstall.etl
2008-04-22 19:01 . 2008-04-22 19:01 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-20 12:54 . 2008-04-20 12:54 <DIR> d-------- C:\Users\TIM\New Folder (2)
2008-04-20 12:51 . 2008-04-20 12:51 <DIR> d-------- C:\Users\TIM\New Folder (1)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 22:36 --------- d-----w C:\Users\TIM\AppData\Roaming\LimeWire
2008-05-17 22:36 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-17 20:22 --------- d-----w C:\ProgramData\Google Updater
2008-05-17 14:26 --------- d-----w C:\Users\TIM\AppData\Roaming\Yahoo!
2008-05-17 03:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-17 01:11 --------- d-----w C:\ProgramData\Symantec
2008-05-17 01:11 --------- d-----w C:\Program Files\Symantec
2008-05-17 01:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 00:57 --------- d--h--w C:\ProgramData\yahoo!
2008-05-17 00:53 --------- d-----w C:\Program Files\Yahoo!
2008-05-15 20:34 --------- d-----w C:\Program Files\LimeWire
2008-05-15 03:53 --------- d-----w C:\Program Files\Real
2008-05-14 08:03 --------- d-----w C:\Program Files\Windows Mail
2008-05-13 21:17 --------- d-----w C:\Program Files\Bodog Poker
2008-05-10 02:54 --------- d-----w C:\Users\TIM\AppData\Roaming\ZoomBrowser EX
2008-05-10 02:53 --------- d-----w C:\ProgramData\ZoomBrowser
2008-05-09 04:57 354,560 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-05-09 04:57 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-07 04:07 --------- d-----w C:\Users\TIM\AppData\Roaming\Image Zone Express
2008-05-04 20:04 --------- d-----w C:\Program Files\OddsMaker.Com Poker
2008-04-23 01:11 --------- d-----w C:\ProgramData\NVIDIA
2008-04-23 01:10 174 --sha-w C:\Program Files\desktop.ini
2008-04-23 01:04 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-23 01:04 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-23 01:04 --------- d-----w C:\Program Files\Windows Journal
2008-04-23 01:04 --------- d-----w C:\Program Files\Windows Defender
2008-04-23 01:04 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-23 01:04 --------- d-----w C:\Program Files\Windows Calendar
2008-04-23 00:53 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-23 00:53 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-14 15:19 --------- d-----w C:\ProgramData\BVRP Software
2008-04-14 15:18 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-04-14 15:16 --------- d-----w C:\Program Files\Avanquest update
2008-04-14 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 03:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 03:48 --------- d-----w C:\Program Files\Full Tilt Poker
2008-04-14 03:46 --------- d-----w C:\Program Files\PokerStars
2008-04-07 13:57 --------- d-----w C:\Users\TIM\AppData\Roaming\InstallShield
2008-04-04 19:51 28,416 ----a-w C:\Windows\System32\uxtuneup.dll
2008-04-04 19:51 16,640 ----a-w C:\Windows\System32\authuitu.dll
2008-04-03 05:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 03:43 --------- d-----w C:\Program Files\Coupons
2008-03-31 07:15 --------- d-----w C:\Users\TIM\AppData\Roaming\TuneUp Software
2008-03-31 07:15 --------- d-----w C:\ProgramData\TuneUp Software
2008-03-31 07:13 --------- d-----w C:\Program Files\a-squared Free
2008-03-22 02:18 --------- d-----w C:\Program Files\Java
2008-03-21 14:22 --------- d-----w C:\ProgramData\PCPitstop
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2007-09-10 15:15 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-06-06 23:37 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 04:42 53341]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 18:24 319488]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2006-12-04 16:05 1261568]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2007-02-28 17:50 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-08 21:57 3784704 C:\Windows\RtHDVCpl.exe]
"P17RunE"="P17RunE.dll" [2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\Windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5409ccab]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2006-11-09 10:19 204800 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--a------ 2006-11-17 04:42 53341 C:\Program Files\Creative\Shared Files\CTSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--------- 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17RunE]
--a------ 2007-04-09 09:40 14848 C:\Windows\System32\P17RunE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\postSetupCheck]
C:\Windows\system32\gzmrt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-08 21:57 3784704 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-13 00:52 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UFC Media Manager Tray]
--a------ 2007-03-12 23:15 387152 C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\Windows\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 23:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-03-28 17:10 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"="C:\Windows\system32\MSCONFIG.exe" /auto
"UpdReg"=C:\Windows\UpdReg.EXE
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" /startup
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{606F9767-608B-402B-961F-09F4FD26CF0D}"= UDP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{F805D548-A289-46D1-BD6F-D4F60A7C6050}"= TCP:C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{B72072FB-56BB-43FD-9A80-9BCF8D7289E0}"= UDP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{0C764EEA-4B92-4251-88CF-A63A3B6BAC2F}"= TCP:C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCC058AA-2F4C-4604-8F3C-93811B85C4A2}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{53DBA74A-093C-4270-BF2C-A9A443CAA248}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{69E5CD57-D89E-46A5-BB98-A79C39D6EC2A}"= UDP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{9DE2CC96-75DC-47FF-BA30-9162BE1C38CF}"= TCP:C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{7A5CBA66-D006-4CD7-BA7B-7086872ADBC1}"= UDP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{03DE0338-B9D1-4DEA-986A-80946EA0CDE7}"= TCP:C:\Program Files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{2BC71C02-B8DF-437F-973B-59D12C23FF82}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C294B8A2-E40F-4323-A1B3-8FE455F16ACB}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{ECE152AE-45CA-4E4C-83A1-0AFAE9407B0E}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AFDB84F3-4B63-4F4D-93A0-7DF4034AE762}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{206DAD17-43AD-41D9-B565-3E5F6FA7F808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{65D8AA07-5C52-45CA-8B72-54C8411E0AD9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D7232D71-E7FB-42C1-8E09-1C2BA222ED6A}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CD05033E-ACF2-45D8-8AAD-804F9505A011}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DA5BB3C9-8292-40E5-985B-FBFE8AA55256}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{87D33303-90A0-4287-8EA0-AD0CE6B7D3E7}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{81D0A24F-3906-459D-AA50-1B5407F26811}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{2E59CA52-DD08-416B-B125-02CBFAF54FAB}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{C948C6E5-AC3C-45E4-9167-D2DCBD228B3D}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{5F2ADB86-F50E-402C-8EC1-093DDF9823C6}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{F06BCBF0-CE1D-4364-8553-DD2D294D1E47}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{876AC6C5-F726-4BF7-9066-4D7A086F7534}C:\\program files\\yahoo!\\yahoo! music jukebox\\yahoomusicengine.exe"= UDP:C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe:Yahoo! Music Jukebox
"UDP Query User{421F88D1-5094-4198-A413-349AEE264C0F}C:\\program files\\yahoo!\\yahoo! music jukebox\\yahoomusicengine.exe"= TCP:C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe:Yahoo! Music Jukebox
"{CBB568D6-3ED8-499E-8E8D-33E315B834D8}"= UDP:C:\Program Files\Bodog Poker\BPGame.exe:Bodog Poker
"{A2F53DF0-5ED7-4B6A-915F-7E19827ACFED}"= TCP:C:\Program Files\Bodog Poker\BPGame.exe:Bodog Poker
"TCP Query User{9FF4E015-2A6A-41BD-B30C-6ADEBC91A654}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{182C980C-E125-472A-84AC-7FC614EBEC9C}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{F5F07073-7E68-47B1-AE6F-BC838AF41318}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{73164EBA-9472-4CEB-8EF7-CC8F6422B2B9}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{0DE048AD-4248-43E3-B2ED-643893667ADA}"= UDP:C:\Windows\System32\Event Agent\Bin\services .exe:EventAgentScanner
"{8F96E10E-BC33-4A94-A6BA-CB4067D68340}"= TCP:C:\Windows\System32\Event Agent\Bin\services .exe:EventAgentScanner
"{C19E19E8-057B-4BFA-A16C-FEE51C48B0B5}"= UDP:C:\Windows\System32\Event Agent\Bin\spoolsv .exe:EventAgentStartup
"{FDDFAAD8-4A43-4134-8A28-F40D131C46C8}"= TCP:C:\Windows\System32\Event Agent\Bin\spoolsv .exe:EventAgentStartup
"{E2BEF1BB-B5E6-45F4-9008-D9A452856E6D}"= UDP:C:\Windows\System32\Event Agent\lsass .exe:EventAgentLite2
"{B57E6959-169B-490B-858E-F9A45D63A625}"= TCP:C:\Windows\System32\Event Agent\lsass .exe:EventAgentLite2
"{0E5CE0E2-7486-4F94-9352-E9C19F81F008}"= UDP:C:\Windows\System32\Event Agent\lite.exe:EventAgentLite
"{8CC8D98B-61DC-42F6-A6CE-A246BFF8CBB4}"= TCP:C:\Windows\System32\Event Agent\lite.exe:EventAgentLite
"{D0294508-F921-4DF6-BB7C-250F1DDC89EE}"= UDP:C:\Windows\System32\Event Agent\Bin\smss .exe:EventAgentKey
"{2BDADE41-4F1D-4CC6-9F1C-9506CECFAEBC}"= TCP:C:\Windows\System32\Event Agent\Bin\smss .exe:EventAgentKey
"{B275389F-A0AD-4BB3-9B31-4857398133B1}"= UDP:C:\Windows\System32\Event Agent\Bin\EventAgentRegistry.exe:EventAgentRegistry
"{F3502206-5266-4BF9-8DBF-84D5C73E562C}"= TCP:C:\Windows\System32\Event Agent\Bin\EventAgentRegistry.exe:EventAgentRegistry
"TCP Query User{101F5F2D-A6AB-4DA5-A7F4-4441144C07AA}C:\\program files\\common files\\newtech infosystems\\liveupdate\\liveupdate.exe"= UDP:C:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe:LiveUpdate
"UDP Query User{AEEBC92F-17A1-49E6-B2AA-816567ACC4D6}C:\\program files\\common files\\newtech infosystems\\liveupdate\\liveupdate.exe"= TCP:C:\program files\common files\newtech infosystems\liveupdate\liveupdate.exe:LiveUpdate
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 15:10]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 15:21]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 16:11]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080513.001\IDSvix86.sys [2008-05-13 00:27]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 17:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-01-19 11:53]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-01-19 11:53]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-08 23:57]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-18 00:31:37 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-05-17 01:15:38 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - TIM.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 19:32:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-17 19:35:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 00:35:40
Pre-Run: 84,757,889,024 bytes free
Post-Run: 84,600,123,392 bytes free
359 --- E O F --- 2008-05-17 03:29:03
new hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:05 PM, on 5/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://my.ebay.com
O15 - Trusted Zone: www.paypal.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...S/wlscctrl2.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\Windows\system32\CTsvcCDA.EXE (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 9780 bytes