Thank you very much sempai for re-opening this topic!
You should find the content you requested below. Once again, I will not be back until Monday. Thanks for all your help so far!
Viruscan.org Reports:
VirSCAN.org Scanned Report :
Scanned time : 2010/06/28 04:31:54 (CST)
Scanner results: Scanners did not find malware!
File Name : Uninstall_CDS.exe
File Size : 40960 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ab485c92592a3ee01572910e3cb26243
SHA1 : e745ce993bc829e045ff84fb61a2cf34221ccc9b
Online report :
http://virscan.org/report/58a299da53f439e2...fd1c0173e3.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100626080606 2010-06-26 6.51 -
AhnLab V3 2010.06.18.01 2010.06.18 2010-06-18 1.18 -
AntiVir 8.2.4.2 7.10.8.190 2010-06-25 0.26 -
Antiy 2.0.18 20100628.4796407 2010-06-28 0.02 -
Arcavir 2009 201006270216 2010-06-27 0.04 -
Authentium 5.1.1 201006271203 2010-06-27 1.36 -
AVAST! 4.7.4 100627-1 2010-06-27 0.01 -
AVG 8.5.793 271.1.1/2966 2010-06-27 0.25 -
BitDefender 7.90123.6327162 7.32445 2010-06-28 3.78 -
ClamAV 0.96.1 11263 2010-06-27 0.02 -
Comodo 3.13.579 5237 2010-06-27 0.91 -
CP Secure 1.3.0.5 2010.06.26 2010-06-26 0.00 -
Dr.Web 5.0.2.3300 2010.06.28 2010-06-28 8.28 -
F-Prot 4.4.4.56 20100627 2010-06-27 1.36 -
F-Secure 7.02.73807 2010.06.27.01 2010-06-27 10.71 -
Fortinet 4.1.133 12.88 2010-06-27 0.19 -
GData 21.420/21.155 20100627 2010-06-27 7.33 -
ViRobot 20100626 2010.06.26 2010-06-26 0.38 -
Ikarus T3.1.01.84 2010.06.27.76149 2010-06-27 6.99 -
JiangMin 13.0.900 2010.06.27 2010-06-27 1.24 -
Kaspersky 5.5.10 2010.06.27 2010-06-27 0.14 -
KingSoft 2009.2.5.15 2010.6.27.18 2010-06-27 0.62 -
McAfee 5400.1158 6026 2010-06-27 16.46 -
Microsoft 1.5902 2010.06.27 2010-06-27 6.73 -
Norman 6.05.10 6.05.00 2010-06-27 6.01 -
Panda 9.05.01 2010.06.27 2010-06-27 1.81 -
Trend Micro 9.120-1004 7.270.04 2010-06-27 0.04 -
Quick Heal 10.00 2010.06.26 2010-06-26 1.53 -
Rising 20.0 22.53.04.05 2010-06-25 1.26 -
Sophos 3.07.1 4.54 2010-06-28 7.48 -
Sunbelt 3.9.2426.2 6508 2010-06-25 7.60 -
Symantec 1.3.0.24 20100615.005 2010-06-15 0.05 -
nProtect 20100627.02 8805752 2010-06-27 7.79 -
The Hacker 6.5.2.0 v00304 2010-06-25 0.35 -
VBA32 3.12.12.5 20100625.0804 2010-06-25 2.88 -
VirusBuster 4.5.11.10 10.126.105/2040577 2010-06-27 2.38 -
VirSCAN.org Scanned Report :
Scanned time : 2010/06/28 04:37:14 (CST)
Scanner results: Scanners did not find malware!
File Name : npf.sys
File Size : 50704 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : c5f0202a00227aecb69e722c52385ffc
SHA1 : c29688c86736a7300586086153feb85399d804a6
Online report :
http://virscan.org/report/3bb0220e723ab544...1d1252a6ec.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.11 20100626080606 2010-06-26 4.98 -
AhnLab V3 2010.06.18.01 2010.06.18 2010-06-18 1.26 -
AntiVir 8.2.4.2 7.10.8.190 2010-06-25 0.26 -
Antiy 2.0.18 20100628.4796407 2010-06-28 0.02 -
Arcavir 2009 201006270216 2010-06-27 0.03 -
Authentium 5.1.1 201006271203 2010-06-27 1.36 -
AVAST! 4.7.4 100627-1 2010-06-27 0.01 -
AVG 8.5.793 271.1.1/2966 2010-06-27 0.25 -
BitDefender 7.90123.6327162 7.32445 2010-06-28 3.80 -
ClamAV 0.96.1 11263 2010-06-27 0.02 -
Comodo 3.13.579 5237 2010-06-27 0.85 -
CP Secure 1.3.0.5 2010.06.26 2010-06-26 0.00 -
Dr.Web 5.0.2.3300 2010.06.28 2010-06-28 8.34 -
F-Prot 4.4.4.56 20100627 2010-06-27 1.35 -
F-Secure 7.02.73807 2010.06.27.01 2010-06-27 9.93 -
Fortinet 4.1.133 12.88 2010-06-27 0.17 -
GData 21.420/21.155 20100627 2010-06-27 7.15 -
ViRobot 20100626 2010.06.26 2010-06-26 0.37 -
Ikarus T3.1.01.84 2010.06.27.76149 2010-06-27 6.90 -
JiangMin 13.0.900 2010.06.27 2010-06-27 1.25 -
Kaspersky 5.5.10 2010.06.27 2010-06-27 0.09 -
KingSoft 2009.2.5.15 2010.6.27.18 2010-06-27 0.66 -
McAfee 5400.1158 6026 2010-06-27 16.38 -
Microsoft 1.5902 2010.06.27 2010-06-27 7.01 -
Norman 6.05.10 6.05.00 2010-06-27 6.01 -
Panda 9.05.01 2010.06.27 2010-06-27 1.62 -
Trend Micro 9.120-1004 7.270.04 2010-06-27 0.03 -
Quick Heal 10.00 2010.06.26 2010-06-26 1.56 -
Rising 20.0 22.53.04.05 2010-06-25 1.21 -
Sophos 3.07.1 4.54 2010-06-28 3.60 -
Sunbelt 3.9.2426.2 6508 2010-06-25 8.55 -
Symantec 1.3.0.24 20100615.005 2010-06-15 0.32 -
nProtect 20100627.02 8805752 2010-06-27 7.88 -
The Hacker 6.5.2.0 v00304 2010-06-25 0.32 -
VBA32 3.12.12.5 20100625.0804 2010-06-25 2.75 -
VirusBuster 4.5.11.10 10.126.105/2040577 2010-06-27 2.38 -
ComboFix Log:
ComboFix 10-07-01.02 - Rick 07/01/2010 13:45:07.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2943.2331 [GMT -4:00]
Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
FILE ::
"c:\docume~1\rick\locals~1\temp\gel90xne.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GEL90XNE
-------\Service_gel90xne
((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.
2010-06-28 05:25 . 2010-06-28 05:25 337424 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-25 23:10 . 2010-06-25 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-06-25 23:10 . 2010-06-25 23:20 217180 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-06-25 23:10 . 2010-06-27 23:35 217180 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-06-25 23:10 . 2010-06-27 23:35 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-06-25 23:10 . 2010-06-25 23:11 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-25 23:09 . 2010-06-07 23:57 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-25 23:09 . 2010-06-07 23:57 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-25 23:09 . 2010-06-07 23:57 2186342 ----a-w- c:\windows\system32\nvdata.bin
2010-06-25 23:09 . 2010-06-07 23:57 2165352 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-25 23:09 . 2010-06-07 23:57 10256384 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-21 17:44 . 2010-06-21 17:44 -------- d-----w- c:\program files\Bonjour
2010-06-14 20:59 . 2010-06-14 20:59 -------- d-----w- c:\program files\TrendMicro
2010-06-09 02:06 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 21:34 . 2010-06-07 21:34 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-06-07 21:34 . 2010-06-07 21:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-06-07 21:34 . 2010-06-07 21:34 13902440 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 21:34 . 2010-06-07 21:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 21:34 . 2010-06-07 21:34 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2010-06-07 21:34 . 2010-06-07 21:34 145000 ----a-w- c:\windows\system32\nvcolor.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 17:49 . 2008-11-24 22:18 -------- d-----w- c:\program files\iTunes
2010-06-21 17:48 . 2006-07-01 01:32 -------- d-----w- c:\program files\iPod
2010-06-21 17:48 . 2007-07-07 01:03 -------- d-----w- c:\program files\Common Files\Apple
2010-06-09 03:29 . 2007-06-16 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-07 23:57 . 2008-10-07 18:33 4554752 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2008-01-05 16:02 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-06-07 23:57 . 2008-01-05 16:01 15192064 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-07 23:57 . 2008-01-05 16:00 232040 ----a-w- c:\windows\system32\nvcodins.dll
2010-06-07 23:57 . 2008-01-05 16:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2008-01-05 16:00 1359872 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2004-10-28 17:10 10531200 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-06-07 23:57 . 2004-10-28 17:10 6300544 ----a-w- c:\windows\system32\nv4_disp.dll
2010-06-06 16:38 . 2009-02-07 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-05 21:03 . 2009-02-25 20:35 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-02 18:03 . 2009-03-20 18:15 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 18:03 . 2008-05-04 15:48 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 16:58 . 2008-12-26 23:56 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-24 18:55 . 2009-11-08 19:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-24 18:55 . 2009-03-15 23:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-24 18:54 . 2008-04-10 20:05 -------- d-----w- c:\program files\Lavasoft
2010-05-24 18:54 . 2010-05-24 18:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-18 22:49 . 2008-04-08 22:42 -------- d-----w- c:\documents and settings\Rick\Application Data\Download Manager
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41 . 2004-10-28 18:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-10-28 18:47 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-02-07 01:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-02-07 01:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-10-28 18:46 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 00:47 . 2008-09-10 21:12 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2007-11-12 16:22 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 00:00 . 2007-12-25 19:07 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-16 00:00 . 2007-12-25 19:07 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2004-03-11 17:27 . 2005-09-19 21:29 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2007-11-06 21:22 . 2006-07-31 01:31 88 --sh--r- c:\windows\system32\138CF50FC0.sys
2007-11-06 21:22 . 2006-07-31 01:31 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Google Update"="c:\documents and settings\Rick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap1"="c:\windows\VMSnap1.exe" [2006-07-17 49152]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"domino"="c:\windows\domino.exe" [2006-07-04 49152]
"BigDogPath"="c:\windows\VM_STI.EXE" [2008-05-29 40960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-18 864112]
"ipTray.exe"="c:\program files\Intel\IDU\iptray.exe" [2005-12-02 1687552]
"awTray.exe"="c:\program files\Intel\IDU\awtray.exe" [2005-12-01 1305600]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-29 202256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 22:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA Games\\Nightfire\\Bond.exe"=
"c:\\Program Files\\Airlink101\\ANAS350\\Configure.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Activision\\Quantum of Solace\\JB_LiveEngine_s.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Real\\realplayer\\realplay.exe"=
"c:\\Program Files\\ETC\\SmartSoft\\Binaries\\SmartSoft.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Web Server
"9999:UDP"= 9999:UDP:IDU Service UDP Port
"2804:TCP"= 2804:TCP:IDU Service TCP Port
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/25/2009 4:35 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2008 11:48 AM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/20/2009 2:15 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/17/2010 6:44 PM 308064]
R2 EBIOS32;EBIOS32 - NT Driver;c:\windows\system32\drivers\EBIOS32.SYS [12/22/2008 1:08 PM 13922]
R2 UsbService;Eltima Usb to Ethernet Connector;c:\program files\ASUS\Printer Utilities\UsbService.exe [12/16/2009 11:16 PM 217088]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/11/2004 3:34 PM 32640]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [12/16/2009 11:16 PM 66432]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 ETCHSP;ETCHSP;c:\windows\system32\drivers\etchsp.sys [2/18/2005 4:58 PM 10240]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 11:35 AM 50704]
.
Contents of the 'Scheduled Tasks' folder
2010-07-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:17]
2010-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640585479-3863577675-661235464-1006Core.job
- c:\documents and settings\Rick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-27 01:15]
2010-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1640585479-3863577675-661235464-1006UA.job
- c:\documents and settings\Rick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-27 01:15]
2010-07-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1640585479-3863577675-661235464-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
2010-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1640585479-3863577675-661235464-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{3797ADAB-1D6C-47BA-88CC-FCE1050CECC6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-07-01 14:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1640585479-3863577675-661235464-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1640585479-3863577675-661235464-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d6,69,29,09,5a,1a,42,69,fb,fa,5b,55,b2,38,f0,c5,b5,6b,51,a8,bf,f1,f0,
6b,bf,7b,3f,28,73,b4,49,7a,d1,af,f4,2c,88,83,68,32,67,aa,5e,dd,a7,30,57,08,\
"??"=hex:d7,ad,cf,2c,bd,41,7a,2e,ea,5e,78,7c,63,05,8d,5b
[HKEY_USERS\S-1-5-21-1640585479-3863577675-661235464-1006\Software\SecuROM\License information*]
"datasecu"=hex:56,e8,60,22,b3,3e,6f,93,5c,d0,7b,8d,8e,dc,9b,7a,f0,2e,d8,a3,49,
23,7e,22,33,a2,92,08,3c,bf,78,09,6b,1b,bb,4f,0b,f0,3a,39,cc,d3,4d,ab,55,63,\
"rkeysecu"=hex:7c,d9,12,ab,81,cc,73,1c,b6,d7,9d,fc,38,2a,4f,23
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2140)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\brss01a.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\IDU\awServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-01 14:29:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-01 18:29
ComboFix2.txt 2010-06-24 16:38
ComboFix3.txt 2008-12-22 20:07
Pre-Run: 54,781,317,120 bytes free
Post-Run: 54,675,570,688 bytes free
- - End Of File - - 1F64125127DEF4C455C3113583B70DEE