Here is the ComboFix log:
ComboFix 09-04-21.A1 - sludwick 04/21/2009 0:17.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2996 [GMT -7:00]
Running from: c:\documents and settings\sludwick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\sludwick\Desktop\cfscript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\drivers\vijardsy.sys
.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-20 21:05 . 2009-04-20 21:05 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-20 21:05 . 2009-04-20 21:05 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-20 01:22 . 2009-04-20 01:22 -------- d-----w C:\_OTListIt
2009-04-19 21:07 . 2009-04-19 21:09 -------- d-----w C:\Lop SD
2009-04-19 01:42 . 2009-04-19 01:43 -------- d-----w C:\Rooter$
2009-04-19 00:48 . 2009-04-19 00:48 -------- d-----w C:\VundoFix Backups
2009-04-18 13:35 . 2008-04-14 07:50 182656 -c--a-w c:\windows\system32\dllcache\ndis.sys
2009-04-18 05:00 . 2009-04-18 05:00 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-15 02:16 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 02:16 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 02:16 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 02:16 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 02:16 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 02:16 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 02:16 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 02:16 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 02:16 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 02:12 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 02:12 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-03-25 17:44 . 2009-03-25 17:44 -------- d-----w c:\documents and settings\sludwick\Application Data\Malwarebytes
2009-03-25 17:44 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-25 17:44 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 17:44 . 2009-03-25 17:44 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-25 17:40 . 2009-03-25 17:55 -------- d-----w c:\windows\4C271126C2954828A9015910AE0C258B.TMP
2009-03-25 09:45 . 2009-03-25 09:45 -------- d-----w c:\documents and settings\sludwick\Local Settings\Application Data\quobarxz
2009-03-25 09:45 . 2009-03-25 09:45 -------- d-----w c:\documents and settings\sludwick\Application Data\quobarxz
2009-03-24 05:59 . 2009-03-24 05:59 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\quobarxz
2009-03-24 05:59 . 2009-03-24 05:59 -------- d-----w c:\documents and settings\NetworkService\Application Data\quobarxz
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 07:02 . 2008-09-10 19:36 -------- d-----w c:\documents and settings\sludwick\Application Data\skypePM
2009-04-21 06:50 . 2008-09-10 19:33 -------- d-----w c:\documents and settings\sludwick\Application Data\Skype
2009-04-20 21:05 . 2008-09-12 14:56 -------- d-----w c:\program files\Java
2009-04-19 21:09 . 2009-04-19 21:07 12551 ----a-w C:\lopR.txt
2009-04-19 01:43 . 2009-04-19 01:43 3842 ----a-w C:\Rooter.txt
2009-04-19 01:38 . 2009-04-19 00:48 272 ----a-w C:\VundoFix.txt
2009-04-18 17:43 . 2009-04-18 17:43 -------- d-----w c:\program files\Trend Micro
2009-04-18 13:48 . 2009-03-25 17:44 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 05:00 . 2009-04-18 05:00 -------- d-----w c:\program files\iTunes
2009-04-18 05:00 . 2009-04-18 05:00 -------- d-----w c:\program files\iPod
2009-04-18 05:00 . 2008-10-29 15:35 -------- d-----w c:\program files\Common Files\Apple
2009-04-18 04:58 . 2008-10-29 15:36 -------- d-----w c:\program files\QuickTime
2009-04-18 04:50 . 2009-04-18 04:50 -------- d-----w c:\program files\Bonjour
2009-04-15 22:02 . 2008-09-03 23:11 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-28 14:03 . 2009-03-07 02:05 -------- d-----w c:\program files\Common
2009-03-23 18:57 . 2008-01-22 18:24 -------- d-----w c:\program files\Symantec AntiVirus
2009-03-19 23:32 . 2008-10-29 15:37 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 18:44 . 2009-03-19 18:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 18:44 . 2009-03-19 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-19 18:05 . 2009-03-19 17:26 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-11 00:52 . 2008-01-22 18:26 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-11 00:49 . 2008-01-22 18:26 -------- d-----w c:\program files\Lavasoft
2009-03-11 00:49 . 2009-03-11 00:49 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-03-04 03:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-26 02:37 . 2008-03-10 19:47 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 18:09 . 2004-08-04 10:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-17 10:14 . 2009-02-18 23:04 278528 ----a-w c:\windows\system32\TubeFinder.exe
2009-02-14 00:52 . 2008-01-22 17:21 63434 ----a-w c:\windows\system32\nvModes.dat
2009-02-09 12:10 . 2004-08-04 10:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 10:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 10:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 10:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 10:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2005-03-30 01:21 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 10:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2005-03-30 01:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 10:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-10-17 17:03 . 2008-10-17 17:03 60744 ----a-w c:\documents and settings\sludwick\g2mdlhlpx.exe
2008-10-02 07:41 . 2008-09-11 14:56 70408 ----a-w c:\documents and settings\sludwick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-03-10 20:14 . 2008-03-10 20:14 64200 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-01-22 17:39 . 2008-01-22 17:39 12328 ----a-w c:\documents and settings\TAIC Employee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-09 22:04 . 2008-10-02 07:41 56 --sh--r c:\windows\system32\6125160107.sys
2008-10-09 22:04 . 2008-10-02 06:55 4182 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-05-14 16:11 . 2008-05-14 16:11 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051420080515\index.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-04-20_16.10.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 10:00 . 2009-04-20 16:03 72554 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-04-20 21:21 72554 c:\windows\system32\perfc009.dat
+ 2009-03-25 17:40 . 2009-04-20 16:24 45056 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla51.dll
- 2009-03-25 17:40 . 2009-04-20 01:14 45056 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla51.dll
+ 2009-03-25 17:40 . 2009-04-20 21:19 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla39.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla39.dll
+ 2009-03-25 17:40 . 2009-04-20 16:24 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla38.dll
- 2009-03-25 17:40 . 2009-04-20 01:14 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla38.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla37.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla37.dll
+ 2009-03-25 17:40 . 2009-04-20 16:24 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla36.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla36.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla35.dll
+ 2009-03-25 17:40 . 2009-04-20 16:24 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla35.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla33.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla33.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla27.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla27.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla26.dll
+ 2009-03-25 17:40 . 2009-04-20 21:19 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla26.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla25.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla25.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla24.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla24.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla23.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla23.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla22.dll
+ 2009-03-25 17:40 . 2009-04-20 21:19 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla22.dll
+ 2009-03-25 17:40 . 2009-04-20 21:19 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla21.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla21.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla18.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla18.dll
+ 2009-03-25 17:40 . 2009-04-20 21:19 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 29480 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla.dll
+ 2009-03-25 17:40 . 2009-04-20 21:19 26421 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCall.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 26421 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCall.dll
+ 2004-08-04 10:00 . 2009-04-20 21:21 445096 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-04-20 16:03 445096 c:\windows\system32\perfh009.dat
+ 2009-04-20 21:05 . 2009-04-20 21:05 148888 c:\windows\system32\javaws.exe
+ 2009-04-20 21:05 . 2009-04-20 21:05 144792 c:\windows\system32\javaw.exe
+ 2009-04-20 21:05 . 2009-04-20 21:05 144792 c:\windows\system32\java.exe
- 2009-03-25 17:55 . 2009-04-20 16:02 125719 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla50.dll
+ 2009-03-25 17:55 . 2009-04-20 20:17 125719 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla50.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 110799 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla49.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 110799 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla49.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 116956 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla48.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 116956 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla48.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 110936 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla47.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 110936 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla47.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 110797 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla46.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 110797 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla46.dll
+ 2009-03-25 17:40 . 2009-04-20 21:19 110500 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla44.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 110500 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla44.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 111260 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla43.dll
+ 2009-03-25 17:40 . 2009-04-20 20:17 111260 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla43.dll
+ 2009-03-25 17:40 . 2009-04-20 21:19 111269 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla42.dll
- 2009-03-25 17:40 . 2009-04-20 16:02 111269 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla42.dll
- 2009-03-25 17:55 . 2009-04-20 16:02 111476 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla41.dll
+ 2009-03-25 17:55 . 2009-04-20 21:19 111476 c:\windows\4C271126C2954828A9015910AE0C258B.TMP\WiseCustomCalla41.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-29 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-21 1228800]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-21 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-29 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-04-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-02-19 303104]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-22 50688]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-9-3 6144]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464]
S2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [2008-10-01 64888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
.
Contents of the 'Scheduled Tasks' folder
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} - hxxp://www.mytpi.com/mytpi05/eval/ectuploader.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-21 00:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\system32\msiexec.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-04-21 0:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 07:24
ComboFix2.txt 2009-04-20 16:13
ComboFix3.txt 2009-04-20 09:59
ComboFix4.txt 2009-04-20 02:13
ComboFix5.txt 2009-04-21 07:16
Pre-Run: 36,645,588,992 bytes free
Post-Run: 36,659,568,640 bytes free
279 --- E O F --- 2009-04-15 22:04