Need Help Trojan:Win32/Vundo.gen!A Attack!
Jun 29 2008, 02:12 PM
Post #1
New Member | Posts: 2 | OS: Vista
Hi,
I need help with the Trojan:Win32/Vundo.gen!A attack. I must have got it through a keygen. I have been reading other posts in the forum and did some stuff. Now I need to know if I am still infected. I did a ComboFix install and below is the log. Also below are main.txt and extra.txt from dss.exe. Please go through them and suggest whether I am still infected and, if so, how I should disinfect. Thank you.

ComboFix 08-06-20.4 - Dr.Tilak 2008-06-30 3:07:39.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1937 [GMT 8:00]
Running from: C:\Users\Dr.Tilak\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Dr.Tilak\AppData\Roaming\inst.exe
C:\Windows\dc.exe
C:\Windows\System32\bdLRqBeg.ini
C:\Windows\System32\bdLRqBeg.ini2
C:\Windows\system32\ddcDwWpP.dll
C:\Windows\system32\geBqRLdb.dll
C:\Windows\system32\nnnmnnLe.dll
C:\Windows\system32\Penx.dat
C:\Windows\system32\ubpjupjg.ini
C:\Windows\system32\Xpen.dat
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-29 19:42 . 2008-06-29 22:36 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-29 19:37 . 2008-06-29 19:37 <DIR> d-------- C:\Users\Dr.Tilak\AppData\Roaming\Nero
2008-06-29 19:32 . 2008-06-29 19:32 <DIR> d-------- C:\Users\All Users\Nero
2008-06-29 19:32 . 2008-06-29 19:32 <DIR> d-------- C:\ProgramData\Nero
2008-06-29 19:32 . 2008-06-29 19:32 <DIR> d-------- C:\Program Files\Nero
2008-06-29 19:32 . 2008-06-29 19:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-29 15:33 . 2008-06-29 15:33 81,920 --a------ C:\Windows\System32\gjpujpbu.dll
2008-06-26 12:56 . 1997-07-19 16:55 1,347,344 --a------ C:\Windows\system\Msvbvm50.dll
2008-06-26 11:36 . 2008-06-26 11:37 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-26 11:36 . 2008-06-29 20:08 <DIR> d-------- C:\Program Files\Avi2Dvd
2008-06-25 15:28 . 2008-06-25 15:28 <DIR> d-------- C:\Users\All Users\vsosdk
2008-06-25 15:28 . 2008-06-25 15:28 <DIR> d-------- C:\ProgramData\vsosdk
2008-06-24 15:51 . 2008-06-29 19:50 <DIR> d-------- C:\Users\Dr.Tilak\AppData\Roaming\uTorrent
2008-06-24 15:51 . 2008-06-24 15:51 <DIR> d-------- C:\Program Files\uTorrent
2008-06-24 15:50 . 2008-06-24 15:50 219,952 --a------ C:\utorrent.exe
2008-06-24 15:29 . 2008-06-25 15:43 <DIR> d-------- C:\Users\Dr.Tilak\AppData\Roaming\Vso
2008-06-24 15:29 . 2008-06-24 15:29 <DIR> d-------- C:\Program Files\VSO
2008-06-24 15:29 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-06-24 15:29 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-06-24 15:29 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-06-24 15:29 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-06-24 15:29 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-06-24 15:29 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-06-24 15:29 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-06-24 15:29 . 2008-06-24 15:29 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-06-24 15:29 . 2008-06-24 15:29 47,360 --a------ C:\Users\Dr.Tilak\AppData\Roaming\pcouffin.sys
2008-06-24 14:09 . 2008-06-24 14:09 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-24 14:09 . 2007-08-18 15:54 380,928 --a------ C:\Windows\System32\ac3filter.acm
2008-06-24 14:01 . 2008-06-24 14:01 <DIR> d-------- C:\Users\All Users\VistaCodecs
2008-06-24 14:01 . 2008-06-24 14:01 <DIR> d-------- C:\ProgramData\VistaCodecs
2008-06-24 14:01 . 2008-06-24 14:01 <DIR> d-------- C:\Program Files\VistaCodecPack
2008-06-23 16:46 . 2008-06-23 16:50 <DIR> d-------- C:\Program Files\EasyDVDConverter
2008-06-23 16:46 . 2000-08-20 21:00 1,388,544 --a------ C:\Windows\System32\temp.004
2008-06-23 16:46 . 1999-05-18 19:29 808,700 --a------ C:\Windows\System32\Win.tlb
2008-06-23 16:46 . 2001-03-13 14:47 598,288 --a------ C:\Windows\System32\temp.000
2008-06-23 16:46 . 1998-04-24 00:00 368,912 --a------ C:\Windows\System32\vbar332.dll
2008-06-23 16:46 . 2001-03-13 14:53 326,656 --a------ C:\Windows\System32\temp.005
2008-06-23 16:46 . 2001-03-13 14:47 164,112 --a------ C:\Windows\System32\temp.001
2008-06-23 16:46 . 2001-03-13 14:45 147,728 --a------ C:\Windows\System32\temp.002
2008-06-23 16:46 . 2002-07-05 18:13 45,056 --a------ C:\Windows\System32\CxxProgressBar.ocx
2008-06-23 16:46 . 2001-03-13 14:47 17,920 --a------ C:\Windows\System32\temp.003
2008-06-23 10:59 . 2008-06-24 14:44 <DIR> d-------- C:\Users\Dr.Tilak\AppData\Roaming\DivX
2008-06-23 10:58 . 2008-06-23 10:58 <DIR> d-------- C:\Program Files\DivX
2008-06-23 10:58 . 2008-06-23 10:58 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-23 10:27 . 2008-06-23 10:27 <DIR> d-------- C:\Users\All Users\DFX
2008-06-23 10:27 . 2008-06-23 10:27 <DIR> d-------- C:\ProgramData\DFX
2008-06-23 10:27 . 2008-06-23 10:27 <DIR> d-------- C:\Program Files\Common Files\DFX
2008-06-23 10:19 . 2008-06-24 14:03 <DIR> d-------- C:\Program Files\Morgan
2008-06-23 10:19 . 2002-11-18 23:02 40,960 --a------ C:\Windows\System32\MMAVILNG.exe
2008-06-23 10:08 . 2001-12-28 01:22 315,392 --a------ C:\Windows\System32\iviaudio.ax
2008-06-23 10:08 . 2001-12-28 01:22 34,816 --a------ C:\Windows\System32\mpgaudio.ax
2008-06-20 10:32 . 2008-06-20 11:30 <DIR> d-------- C:\Users\All Users\Bomgar-SCC-485B16A2
2008-06-20 10:32 . 2008-06-20 11:30 <DIR> d-------- C:\ProgramData\Bomgar-SCC-485B16A2
2008-06-17 14:17 . 2008-06-17 14:52 <DIR> d-------- C:\Users\All Users\Bomgar-SCC-485756DC
2008-06-17 14:17 . 2008-06-17 14:52 <DIR> d-------- C:\ProgramData\Bomgar-SCC-485756DC
2008-06-17 08:03 . 2008-06-17 05:50 4,065,744 --a------ C:\Windows\System32\ssartworkz_pc.dll
2008-06-17 08:03 . 2008-06-17 05:50 88,528 --a------ C:\Windows\System32\sszlib_pc.dll
2008-06-16 16:05 . 2008-06-16 16:05 <DIR> d-------- C:\Windows\PrimoPDF4
2008-06-16 16:05 . 2008-06-16 16:05 <DIR> d-------- C:\Program Files\activePDF
2008-06-16 16:05 . 2006-12-12 05:12 176,235 --a------ C:\Windows\System32\Primomonnt.dll
2008-06-12 21:45 . 2008-06-12 21:45 <DIR> d-------- C:\Users\All Users\eMule
2008-06-12 21:45 . 2008-06-12 21:45 <DIR> d-------- C:\ProgramData\eMule
2008-06-12 21:45 . 2008-06-12 21:45 <DIR> d-------- C:\Program Files\eMule
2008-06-12 20:36 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-06-12 19:25 . 2008-06-12 19:25 966,656 --a------ C:\Windows\System32\VSFilter.dll
2008-06-12 11:42 . 2008-06-12 11:42 <DIR> d-------- C:\Users\All Users\Applications
2008-06-12 11:42 . 2008-06-12 11:42 <DIR> d-------- C:\ProgramData\Applications
2008-06-12 11:42 . 2008-03-27 00:00 84,992 --a------ C:\Windows\System32\lmdimon8.dll
2008-05-31 07:22 . 2008-05-31 07:22 823,296 --a------ C:\Windows\System32\divx_xx0c.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 12:12 --------- d-----w C:\Program Files\Common Files\Skyscape
2008-06-29 12:09 --------- d-----w C:\Program Files\Amazing CD & DVD Burner
2008-06-29 11:53 --------- d-----w C:\Windows\system32\config\systemprofile\AppData\Roaming\VMware
2008-06-29 11:52 --------- d-----w C:\ProgramData\VMware
2008-06-29 07:55 --------- d-----w C:\Users\Dr.Tilak\AppData\Roaming\Skype
2008-06-29 07:01 --------- d-----w C:\Users\Dr.Tilak\AppData\Roaming\skypePM
2008-06-26 09:23 --------- d-----w C:\Users\Dr.Tilak\AppData\Roaming\VMware
2008-06-25 09:19 --------- d-----w C:\ProgramData\WebEx
2008-06-21 06:03 229,460 ----a-w C:\Users\Dr.Tilak\AppData\Roaming\nvModes.dat
2008-06-19 06:30 724,992 ----a-w C:\Windows\iun6002.exe
2008-06-12 09:05 --------- d-----w C:\Program Files\Yahoo!
2008-06-11 06:22 --------- d-----w C:\Program Files\Windows Mail
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-25 04:43 --------- d-----w C:\Program Files\FPDFC
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:22 129,784 ----a-w C:\Windows\System32\PxAFS.DLL
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-16 10:17 --------- d-----w C:\Program Files\skyscape
2008-05-14 12:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2008-05-13 20:45 258,352 ----a-w C:\Windows\System32\unicows.dll
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-07 05:33 --------- d-----w C:\Program Files\VMware
2008-05-07 05:33 --------- d-----w C:\Program Files\Common Files\VMware
2008-05-07 05:20 --------- d-----w C:\ProgramData\Bomgar-SCC-482134D6
2008-05-05 07:16 --------- d-----w C:\Program Files\ABC DVD Copy
2008-05-04 14:33 --------- d-----w C:\Program Files\AVS4YOU
2008-05-04 14:08 --------- d-----w C:\ProgramData\AVS4YOU
2008-05-04 14:08 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-28 05:24 --------- d-----w C:\Program Files\Windows Resource Kits
2008-04-28 05:11 0 ----a-w C:\Users\Dr.Tilak\reset.cmd
2008-04-27 13:50 6,139,760 ----a-w C:\Users\Dr.Tilak\WindowsUpdateAgent30-x86.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-10 07:41 174 --sha-w C:\Program Files\desktop.ini
2008-04-10 07:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-10 07:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-10 06:52 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-04-10 06:52 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-04-10 06:40 1,263 ----a-w C:\reset.cmd
2007-11-19 04:03 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-19 04:03 32 ----a-w C:\ProgramData\ezsid.dat
2006-04-04 19:39 37,907 ----a-w C:\Windows\inf\iBcT0201.sys
2006-04-04 19:39 36,957 ----a-w C:\Windows\inf\iBurst.sys
2006-03-28 19:25 37,362 ----a-w C:\Windows\inf\iBurstu.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-23 09:26 77824]
"PMX Daemon"="ICO.EXE" [2006-11-08 15:01 49152 C:\Windows\System32\ico.exe]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-02-15 17:31 66560]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-03-08 16:43 218688]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 13:37 174872]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 09:21 648072]
"tsnp2std"="C:\Windows\tsnp2std.exe" [2006-05-22 10:37 262144]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-05-15 15:52 675840]
"izziReminder"="C:\Program Files\iZZi driver\izziReminder.exe" [2007-06-26 17:11 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-16 20:49 159744]
"SigmatelSysTrayApp"="sttray.exe" [2007-04-17 22:02 303104 C:\Windows\sttray.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]
"Intense Registry Service"="IntEdReg.exe" [2000-08-10 10:32 43008 C:\Windows\System32\intedreg.exe]
"5698e9fa"="C:\Windows\system32\gjpujpbu.dll" [2008-06-29 15:33 81920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2007-12-05 18:30 3900936]

C:\Users\Dr.Tilak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iZZi_UTD_UTU.lnk - C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe [3/29/2006 3:25:00 AM 311296]
Skyscape SmartUpdate.lnk - C:\Program Files\Common Files\Skyscape\SmartUpdate.exe [6/17/2008 5:33:26 AM 12492800]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/23/2007 9:30:33 AM 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [8/23/2007 9:28:49 AM 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CCB7673-04D5-4DE7-916B-384A3642BAF4}"= C:\Windows\system32\ddcDwWpP.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1191999531-3282144155-2898381799-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{43B92740-5F12-4600-B3A1-241C79A4B09C}C:\\program files\\microsoft office communicator\\communicator.exe"= UDP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"UDP Query User{11B44ADC-D3EB-432C-BB28-E2F4291A3A73}C:\\program files\\microsoft office communicator\\communicator.exe"= TCP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"TCP Query User{EC4440AD-8AF4-4280-B88D-02E327D0C14D}C:\\program files\\microsoft office communicator\\communicator.exe"= UDP:C:\program files\microsoft office communicator\communicator.exe:Microsoft Office Communicator 2005
"UDP Query User{0CB8E6EE-BBB8-4B35-8D5A-F7D148F5A9DA}C:\\program files\\microsoft office communicator\\communicator.exe"= TCP:C:\program files\microsoft office communicator\communicator.exe:Microsoft Office Communicator 2005
"TCP Query User{4325FF7A-5CC8-4A8F-A1C0-AA07A4F2E729}C:\\program files\\mobility manager\\mobility manager\\fmm.exe"= UDP:C:\program files\mobility manager\mobility manager\fmm.exe:Mobility Manager
"UDP Query User{B6D8D80D-B1DB-4593-81C7-06AFE905BBB6}C:\\program files\\mobility manager\\mobility manager\\fmm.exe"= TCP:C:\program files\mobility manager\mobility manager\fmm.exe:Mobility Manager
"TCP Query User{78E54C1A-D397-46C6-9EE8-5D728FAB9E53}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AADC4C1B-77B5-465C-96F1-74732556A6AA}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{FBDCC716-5F31-4FEA-AB65-A33C0DE1326A}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DFFAD306-0DA8-497B-B360-4A734F888005}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DBFEFADD-D8D3-49EB-AAB0-B5CF934F538E}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{72BCC1D7-E4AE-45CE-B1BE-DF73787986E7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{B03EBE82-D745-43D2-8ABD-A84B8DDCEBED}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{2F473106-F3F4-473A-827D-AE005561B437}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{AD67437B-755C-498F-83B2-F37503D3A165}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C5161C5C-0DF8-4A45-825D-247211A98492}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A5766B7C-B357-496F-80AC-DE28E1BDE39C}C:\\users\\dr.tilak\\appdata\\local\\temp\\lrefc0c.tmp\\bin\\java.exe"= UDP:C:\users\dr.tilak\appdata\local\temp\lrefc0c.tmp\bin\java.exe:java.exe
"UDP Query User{70C7C649-2AE3-48F3-94C4-64E51984CEAB}C:\\users\\dr.tilak\\appdata\\local\\temp\\lrefc0c.tmp\\bin\\java.exe"= TCP:C:\users\dr.tilak\appdata\local\temp\lrefc0c.tmp\bin\java.exe:java.exe
"TCP Query User{5D2E1BA9-D3AB-4E00-849C-2B2C590B375A}C:\\program files\\sybase\\easerver\\bin\\jagsrv.exe"= UDP:C:\program files\sybase\easerver\bin\jagsrv.exe:Jaguar CTS - Component Transaction Server
"UDP Query User{D23A0A77-47A8-4213-82CA-EBCF398D4974}C:\\program files\\sybase\\easerver\\bin\\jagsrv.exe"= TCP:C:\program files\sybase\easerver\bin\jagsrv.exe:Jaguar CTS - Component Transaction Server
"TCP Query User{5A3EC37B-C0F2-4C64-B9CD-A687FB886A3B}C:\\users\\dr.tilak\\desktop\\ipmsg.exe"= UDP:C:\users\dr.tilak\desktop\ipmsg.exe:ipmsg.exe
"UDP Query User{497AF3F1-CD44-4B8F-A340-0A1AF8847F01}C:\\users\\dr.tilak\\desktop\\ipmsg.exe"= TCP:C:\users\dr.tilak\desktop\ipmsg.exe:ipmsg.exe
"TCP Query User{DD239415-3577-4231-8A37-2C02DC7384FB}C:\\users\\dr.tilak\\desktop\\ipmsg.exe"= UDP:C:\users\dr.tilak\desktop\ipmsg.exe:ipmsg.exe
"UDP Query User{057E0772-7F02-4713-92B3-3119A9F3C9D1}C:\\users\\dr.tilak\\desktop\\ipmsg.exe"= TCP:C:\users\dr.tilak\desktop\ipmsg.exe:ipmsg.exe
"{F043DDB0-2ECC-4603-A380-EB8E20119C5D}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{326A9DE9-4453-4C16-BB6E-EBAF5217752A}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{00E73738-A96F-427A-A706-70AB27EAE130}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{482A303B-BE78-4012-8486-EA052716A7D6}C:\\program files\\ca\\etrust antivirus\\realmon.exe"= UDP:C:\program files\ca\etrust antivirus\realmon.exe:Realmon
"UDP Query User{A0915ED4-C298-4959-ADCF-2B176EA903B3}C:\\program files\\ca\\etrust antivirus\\realmon.exe"= TCP:C:\program files\ca\etrust antivirus\realmon.exe:Realmon
"TCP Query User{C538B7B6-E6A6-4355-8822-A485B976CDCA}C:\\program files\\ca\\etrust antivirus\\shellscn.exe"= UDP:C:\program files\ca\etrust antivirus\shellscn.exe:Shellscn
"UDP Query User{C985F33F-32D2-47BA-AE4D-8875FF05AEA0}C:\\program files\\ca\\etrust antivirus\\shellscn.exe"= TCP:C:\program files\ca\etrust antivirus\shellscn.exe:Shellscn
"{029A19AB-CEC4-4F9F-999C-4B40FE0F4F90}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6BCA11A3-2172-4BEF-AB1E-61976376003E}I:\\laptop sync\\drive d\\software\\ip messenger\\ipmsg.exe"= UDP:I:\laptop sync\drive d\software\ip messenger\ipmsg.exe:IPMsg English
"UDP Query User{C6868CA0-D6E6-4F59-BA00-BF4AD7F428B8}I:\\laptop sync\\drive d\\software\\ip messenger\\ipmsg.exe"= TCP:I:\laptop sync\drive d\software\ip messenger\ipmsg.exe:IPMsg English
"{F5458C58-A2DE-4967-A9B5-2592587B8565}"= UDP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{02322D46-561C-4B02-8023-B5A75F0CDC12}"= TCP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{2BF900C4-17AB-49A8-B899-9C6E8C28B0D0}"= UDP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{7269B25B-8A6B-4B36-A666-2C7E3FB0ED84}"= TCP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"TCP Query User{FD4AD169-6498-48AA-9FF5-7A01CC1380F6}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{85884310-1236-49A4-93D6-457FBFB3326A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{EB13856C-8485-4ED6-B183-BE32A4A172EA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{686FCBC4-76BC-445E-92E6-EC8F274D1FD7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A61821CC-B8F7-4475-B8E2-8A05688EFD43}"= UDP:C:\Users\Dr.Tilak\Desktop\utorrent.exe:µTorrent
"{8EA9EABE-153A-4DCE-A0D4-B7C9FF964A24}"= TCP:C:\Users\Dr.Tilak\Desktop\utorrent.exe:µTorrent
"{4F959B78-7D62-4956-9CF6-B0675FC97FE1}"= UDP:C:\utorrent.exe:µTorrent
"{13783F91-DA01-49B1-8E15-89ADB24EDCCA}"= TCP:C:\utorrent.exe:µTorrent
"{EE63A788-18E9-4BDE-85E7-FDDACA8F7E17}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{902AC5F5-6006-41E5-98E9-D2801E56D24E}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EED19DEE-A37E-4EFE-AC0B-22EA242A7089}C:\\program files\\ca\\etrust antivirus\\inocit.exe"= UDP:C:\program files\ca\etrust antivirus\inocit.exe:InocIT
"UDP Query User{34464EB9-9FB2-4B96-A8E4-A50555DAA5A1}C:\\program files\\ca\\etrust antivirus\\inocit.exe"= TCP:C:\program files\ca\etrust antivirus\inocit.exe:InocIT
"TCP Query User{5B41A558-4089-4ECB-9329-A7FE1924E0A3}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{D2A0D3F1-09AB-48B3-9896-AE1EA48AB5CF}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home

R0 PBADRV;PBADRV;C:\Windows\system32\DRIVERS\PBADRV.sys [2006-08-28 15:00]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 BthFilterHelper;Bluetooth Feature Support;"C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe" [2006-11-07 18:26]
R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2004-07-23 17:06]
R2 ufad-p2v;VMware Converter Service;"C:\Program Files\VMware\VMware Converter\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Converter\\" -s ufad-p2v.xml []
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;C:\Program Files\VMware\VMware Converter\vstor2-p2v30.sys [2007-04-19 17:38]
R2 WavxDMgr;WavxDMgr;C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-02-15 17:31]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-19 14:44]
S2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
S2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
S3 BTHFILT;Bluetooth Command Filter;C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-06 01:51]
S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe" [2005-03-23 15:17]
S3 ft1000;Flarion Flash OFDM wireless service;C:\Windows\system32\DRIVERS\ft1000.sys [2005-11-14 17:54]
S3 iBurstu;iBurst Terminal;C:\Windows\system32\DRIVERS\iBurstu.sys [2006-03-29 03:25]
S3 msloop;Microsoft Loopback Adapter Driver;C:\Windows\system32\DRIVERS\loop.sys [2006-11-02 16:57]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 15:36]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-02-16 13:07]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-06-07 10:34]
Start Pending2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-03-04 13:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1df635de-664e-11dc-b7f7-001a6b8ad1b3}]
\shell\Auto\command - F:\pagefile.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\pagefile.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28a4a650-076c-11dd-ba1b-ecccb8b46851}]
\shell\Auto\command - F:\MicrosoftPowerPoint.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ea95f2-eb1f-11dc-8f2c-c97056e35489}]
\shell\Auto\command - pagefile.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{670758cf-1a49-11dd-8508-d5f661c492fe}]
\shell\AutoRun\command - F:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d47d5204-6991-11dc-b6a3-001c23909133}]
\shell\AutoRun\command - WScript.exe Iexplore.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec087d7b-2c5b-11dd-ad90-942f06cf93f2}]
\shell\AutoRun\command - F:\ie.exe
\shell\explore\Command - F:\ie.exe
\shell\open\Command - F:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d3a5ac-e5d2-11dc-a9d4-808eb8346552}]
\shell\Auto\command - pagefile.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 05:11:41 C:\Windows\Tasks\User_Feed_Synchronization-{13CB7912-98DC-40A5-9AF3-45BA09B18601}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 03:16:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\gjpujpbu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\skyscape\Desktop\smARTalerts\smARTalerts.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\SharedComponents\ScanEngine\Inodist.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\System32\vmnat.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\System32\vmnetdhcp.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-06-30 3:20:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 19:20:13

Pre-Run: 991,956,992 bytes free
Post-Run: 1,454,780,416 bytes free

364 --- E O F --- 2008-06-26 02:37:03

I also did a dss.exe scan, and below are the main.txt and extra.txt.

Deckard's System Scanner v20071014.68
Run by Dr.Tilak on 2008-06-30 03:44:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-06-29 19:25:06 UTC - RP394 - Windows Defender Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.65 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-30 03:47:13
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\iZZi driver\izziReminder.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe
C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dr.Tilak\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.as...;l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mysklu-dc01:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [izziReminder] C:\Program Files\iZZi driver\izziReminder.exe /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [5698e9fa] rundll32.exe "C:\Windows\system32\gjpujpbu.dll",b
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program
Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user') O4 - Startup: iZZi_UTD_UTU.lnk = C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe O4 - Startup: Skyscape SmartUpdate.lnk = C:\Program Files\Common Files\Skyscape\SmartUpdate.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: QuickSet.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O15 - Trusted Zone: http://hychoo (HKCU) O15 - Trusted IP Range: http://192.168.19.56 (HKCU) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL O18 - Protocol: 
skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\System32\IoctlSvc.exe O23 - Service: SecureStorageService - Wave Systems Corp. 
- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\stacsv.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\System32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\System32\vmnat.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\System32\drivers\XAudio.exe -- End of file - 11244 bytes -- File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X> R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; Application Driver> R2 INO_FLTR - \??\c:\windows\system32\drivers\ino_fltr.sys R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)> R2 VMnetuserif (VMware Network Application Interface) - \??\c:\windows\system32\drivers\vmnetuserif.sys R2 vmx86 (VMware vmx86) - \??\c:\windows\system32\drivers\vmx86.sys R2 WavxDMgr - c:\windows\system32\drivers\wavxdmgr.sys <Not Verified; Wave Systems Corp.; Document Manager> S3 CSRBC (CSRBC.Sys CSR test driver) - c:\windows\system32\drivers\csrbcxp.sys <Not Verified; CSR, plc; CsrUsb Device Driver> S3 ft1000 (Flarion Flash OFDM wireless service) - c:\windows\system32\drivers\ft1000.sys <Not Verified; Flarion Technologies, Inc.; Windows ® 2000 DDK driver> S3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 BthFilterHelper (Bluetooth Feature Support) - "c:\program files\csr\vista profile pack\bthfilterhelper.exe" <Not Verified; CSR, plc; BthFilter Helper Service> R2 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus> R2 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer 
Associates International, Inc.; eTrust Antivirus> R2 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus> R2 LogWatch (Event Log Watch) - "c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" <Not Verified; Computer Associates; Computer Associates LogWatNT> R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application> R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio> R2 ufad-p2v (VMware Converter Service) - "c:\program files\vmware\vmware converter\vmware-ufad.exe" -d "c:\program files\vmware\vmware converter\\" -s ufad-p2v.xml <Not Verified; VMware, Inc.; VMware Converter> R2 VMAuthdService (VMware Authorization Service) - "c:\program files\vmware\vmware server\vmware-authd.exe" <Not Verified; VMware, Inc.; VMware Server> R2 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Server> R2 vmserverdWin32 (VMware Registration Service) - c:\program files\vmware\vmware server\vmserverdwin32.exe <Not Verified; VMware, Inc.; VMware Server> R2 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Server> S2 tcsd_win32.exe (NTRU TSS v1.2.1.12 TCS) - "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe" S3 CA_LIC_CLNT (CA License Client) - "c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe" <Not Verified; Computer Associates International Inc.; Lic98> S3 SecureStorageService - "c:\program files\wave systems corp\secure storage manager\securestorageservice.exe" <Not Verified; Wave Systems Corp.; Secure Storage Manager> S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision 
Development, Inc.; SureThing CD Labeler> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-29 13:11:41 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{13CB7912-98DC-40A5-9AF3-45BA09B18601}.job -- Files created between 2008-05-30 and 2008-06-30 ----------------------------- 2008-06-30 03:06:12 68096 --a------ C:\Windows\zip.exe 2008-06-30 03:06:12 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-06-30 03:06:12 98816 --a------ C:\Windows\sed.exe 2008-06-30 03:06:12 80412 --a------ C:\Windows\grep.exe 2008-06-30 03:06:12 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-06-30 03:06:11 49152 --a------ C:\Windows\VFind.exe 2008-06-30 03:06:11 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-06-30 03:05:35 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-06-29 19:42:21 0 d-------- C:\Program Files\Windows Live Safety Center 2008-06-29 19:32:09 0 d-------- C:\Users\All Users\Nero 2008-06-29 19:32:09 0 d-------- C:\Program Files\Nero 2008-06-29 19:32:08 0 d-------- C:\Program Files\Common Files\Nero 2008-06-29 15:33:43 81920 --a------ C:\Windows\system32\gjpujpbu.dll 2008-06-26 11:36:59 0 d-------- C:\Program Files\AviSynth 2.5 2008-06-26 11:36:31 0 d-------- C:\Program Files\Avi2Dvd 2008-06-25 15:28:16 0 d-------- C:\Users\All Users\vsosdk 2008-06-24 15:51:08 0 d-------- C:\Program Files\uTorrent 2008-06-24 15:29:29 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)> 2008-06-24 15:29:29 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)> 2008-06-24 15:29:29 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; 
RealNetworks, Inc.; RealVideo G2 (32-bit)> 2008-06-24 15:29:29 65602 --a------ C:\Windows\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10> 2008-06-24 15:29:28 626688 --a------ C:\Windows\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70> 2008-06-24 15:29:27 0 d-------- C:\Program Files\VSO 2008-06-24 14:09:43 0 d-------- C:\Program Files\AC3Filter 2008-06-24 14:01:49 0 d-------- C:\Program Files\VistaCodecPack 2008-06-24 14:01:04 0 d-------- C:\Users\All Users\VistaCodecs 2008-06-23 16:46:05 368912 --a------ C:\Windows\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications> 2008-06-23 16:46:04 0 d-------- C:\Program Files\EasyDVDConverter 2008-06-23 10:58:22 0 d-------- C:\Program Files\Common Files\PX Storage Engine 2008-06-23 10:58:20 0 d-------- C:\Program Files\DivX 2008-06-23 10:27:41 0 d-------- C:\Users\All Users\DFX 2008-06-23 10:27:40 0 d-------- C:\Program Files\Common Files\DFX 2008-06-23 10:19:30 40960 --a------ C:\Windows\system32\MMAVILNG.exe 2008-06-23 10:19:30 0 d-------- C:\Program Files\Morgan 2008-06-20 10:32:02 0 d-------- C:\Users\All Users\Bomgar-SCC-485B16A2 2008-06-17 14:17:00 0 d-------- C:\Users\All Users\Bomgar-SCC-485756DC 2008-06-16 16:05:44 176235 --a------ C:\Windows\system32\Primomonnt.dll 2008-06-16 16:05:42 0 d-------- C:\Windows\PrimoPDF4 2008-06-16 16:05:42 0 d-------- C:\Program Files\activePDF 2008-06-12 21:45:49 0 d-------- C:\Users\All Users\eMule 200 |
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising