I posted a query two days back. I guess you must all be pretty busy. Below are the logs, then. Since then I have downloaded Lavasoft Ad-Aware and SUPERAntiSpyware and run some scans. I have also taken logs from dss.exe. The first scan is in blue font; the second (latest) one is in red font. I request that someone go through them and let me know if I am still infected.
Thank you -
ComboFix 08-06-20.4 - Dr.Tilak 2008-06-30 3:07:39.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1937 [GMT 8:00]
Running from: C:\Users\Dr.Tilak\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Dr.Tilak\AppData\Roaming\inst.exe
C:\Windows\dc.exe
C:\Windows\System32\bdLRqBeg.ini
C:\Windows\System32\bdLRqBeg.ini2
C:\Windows\system32\ddcDwWpP.dll
C:\Windows\system32\geBqRLdb.dll
C:\Windows\system32\nnnmnnLe.dll
C:\Windows\system32\Penx.dat
C:\Windows\system32\ubpjupjg.ini
C:\Windows\system32\Xpen.dat
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-29 19:42 . 2008-06-29 22:36 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-29 19:37 . 2008-06-29 19:37 <DIR> d-------- C:\Users\Dr.Tilak\AppData\Roaming\Nero
2008-06-29 19:32 . 2008-06-29 19:32 <DIR> d-------- C:\Users\All Users\Nero
2008-06-29 19:32 . 2008-06-29 19:32 <DIR> d-------- C:\ProgramData\Nero
2008-06-29 19:32 . 2008-06-29 19:32 <DIR> d-------- C:\Program Files\Nero
2008-06-29 19:32 . 2008-06-29 19:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-29 15:33 . 2008-06-29 15:33 81,920 --a------ C:\Windows\System32\gjpujpbu.dll
2008-06-26 12:56 . 1997-07-19 16:55 1,347,344 --a------ C:\Windows\system\Msvbvm50.dll
2008-06-26 11:36 . 2008-06-26 11:37 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-26 11:36 . 2008-06-29 20:08 <DIR> d-------- C:\Program Files\Avi2Dvd
2008-06-25 15:28 . 2008-06-25 15:28 <DIR> d-------- C:\Users\All Users\vsosdk
2008-06-25 15:28 . 2008-06-25 15:28 <DIR> d-------- C:\ProgramData\vsosdk
2008-06-24 15:51 . 2008-06-29 19:50 <DIR> d-------- C:\Users\Dr.Tilak\AppData\Roaming\uTorrent
2008-06-24 15:51 . 2008-06-24 15:51 <DIR> d-------- C:\Program Files\uTorrent
2008-06-24 15:50 . 2008-06-24 15:50 219,952 --a------ C:\utorrent.exe
2008-06-24 15:29 . 2008-06-25 15:43 <DIR> d-------- C:\Users\Dr.Tilak\AppData\Roaming\Vso
2008-06-24 15:29 . 2008-06-24 15:29 <DIR> d-------- C:\Program Files\VSO
2008-06-24 15:29 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-06-24 15:29 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-06-24 15:29 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-06-24 15:29 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-06-24 15:29 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-06-24 15:29 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-06-24 15:29 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-06-24 15:29 . 2008-06-24 15:29 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-06-24 15:29 . 2008-06-24 15:29 47,360 --a------ C:\Users\Dr.Tilak\AppData\Roaming\pcouffin.sys
2008-06-24 14:09 . 2008-06-24 14:09 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-24 14:09 . 2007-08-18 15:54 380,928 --a------ C:\Windows\System32\ac3filter.acm
2008-06-24 14:01 . 2008-06-24 14:01 <DIR> d-------- C:\Users\All Users\VistaCodecs
2008-06-24 14:01 . 2008-06-24 14:01 <DIR> d-------- C:\ProgramData\VistaCodecs
2008-06-24 14:01 . 2008-06-24 14:01 <DIR> d-------- C:\Program Files\VistaCodecPack
2008-06-23 16:46 . 2008-06-23 16:50 <DIR> d-------- C:\Program Files\EasyDVDConverter
2008-06-23 16:46 . 2000-08-20 21:00 1,388,544 --a------ C:\Windows\System32\temp.004
2008-06-23 16:46 . 1999-05-18 19:29 808,700 --a------ C:\Windows\System32\Win.tlb
2008-06-23 16:46 . 2001-03-13 14:47 598,288 --a------ C:\Windows\System32\temp.000
2008-06-23 16:46 . 1998-04-24 00:00 368,912 --a------ C:\Windows\System32\vbar332.dll
2008-06-23 16:46 . 2001-03-13 14:53 326,656 --a------ C:\Windows\System32\temp.005
2008-06-23 16:46 . 2001-03-13 14:47 164,112 --a------ C:\Windows\System32\temp.001
2008-06-23 16:46 . 2001-03-13 14:45 147,728 --a------ C:\Windows\System32\temp.002
2008-06-23 16:46 . 2002-07-05 18:13 45,056 --a------ C:\Windows\System32\CxxProgressBar.ocx
2008-06-23 16:46 . 2001-03-13 14:47 17,920 --a------ C:\Windows\System32\temp.003
2008-06-23 10:59 . 2008-06-24 14:44 <DIR> d-------- C:\Users\Dr.Tilak\AppData\Roaming\DivX
2008-06-23 10:58 . 2008-06-23 10:58 <DIR> d-------- C:\Program Files\DivX
2008-06-23 10:58 . 2008-06-23 10:58 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-23 10:27 . 2008-06-23 10:27 <DIR> d-------- C:\Users\All Users\DFX
2008-06-23 10:27 . 2008-06-23 10:27 <DIR> d-------- C:\ProgramData\DFX
2008-06-23 10:27 . 2008-06-23 10:27 <DIR> d-------- C:\Program Files\Common Files\DFX
2008-06-23 10:19 . 2008-06-24 14:03 <DIR> d-------- C:\Program Files\Morgan
2008-06-23 10:19 . 2002-11-18 23:02 40,960 --a------ C:\Windows\System32\MMAVILNG.exe
2008-06-23 10:08 . 2001-12-28 01:22 315,392 --a------ C:\Windows\System32\iviaudio.ax
2008-06-23 10:08 . 2001-12-28 01:22 34,816 --a------ C:\Windows\System32\mpgaudio.ax
2008-06-20 10:32 . 2008-06-20 11:30 <DIR> d-------- C:\Users\All Users\Bomgar-SCC-485B16A2
2008-06-20 10:32 . 2008-06-20 11:30 <DIR> d-------- C:\ProgramData\Bomgar-SCC-485B16A2
2008-06-17 14:17 . 2008-06-17 14:52 <DIR> d-------- C:\Users\All Users\Bomgar-SCC-485756DC
2008-06-17 14:17 . 2008-06-17 14:52 <DIR> d-------- C:\ProgramData\Bomgar-SCC-485756DC
2008-06-17 08:03 . 2008-06-17 05:50 4,065,744 --a------ C:\Windows\System32\ssartworkz_pc.dll
2008-06-17 08:03 . 2008-06-17 05:50 88,528 --a------ C:\Windows\System32\sszlib_pc.dll
2008-06-16 16:05 . 2008-06-16 16:05 <DIR> d-------- C:\Windows\PrimoPDF4
2008-06-16 16:05 . 2008-06-16 16:05 <DIR> d-------- C:\Program Files\activePDF
2008-06-16 16:05 . 2006-12-12 05:12 176,235 --a------ C:\Windows\System32\Primomonnt.dll
2008-06-12 21:45 . 2008-06-12 21:45 <DIR> d-------- C:\Users\All Users\eMule
2008-06-12 21:45 . 2008-06-12 21:45 <DIR> d-------- C:\ProgramData\eMule
2008-06-12 21:45 . 2008-06-12 21:45 <DIR> d-------- C:\Program Files\eMule
2008-06-12 20:36 . 2008-06-12 20:36 7,680 --a------ C:\Windows\System32\ff_vfw.dll
2008-06-12 19:25 . 2008-06-12 19:25 966,656 --a------ C:\Windows\System32\VSFilter.dll
2008-06-12 11:42 . 2008-06-12 11:42 <DIR> d-------- C:\Users\All Users\Applications
2008-06-12 11:42 . 2008-06-12 11:42 <DIR> d-------- C:\ProgramData\Applications
2008-06-12 11:42 . 2008-03-27 00:00 84,992 --a------ C:\Windows\System32\lmdimon8.dll
2008-05-31 07:22 . 2008-05-31 07:22 823,296 --a------ C:\Windows\System32\divx_xx0c.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 12:12 --------- d-----w C:\Program Files\Common Files\Skyscape
2008-06-29 12:09 --------- d-----w C:\Program Files\Amazing CD & DVD Burner
2008-06-29 11:53 --------- d-----w C:\Windows\system32\config\systemprofile\AppData\Roaming\VMware
2008-06-29 11:52 --------- d-----w C:\ProgramData\VMware
2008-06-29 07:55 --------- d-----w C:\Users\Dr.Tilak\AppData\Roaming\Skype
2008-06-29 07:01 --------- d-----w C:\Users\Dr.Tilak\AppData\Roaming\skypePM
2008-06-26 09:23 --------- d-----w C:\Users\Dr.Tilak\AppData\Roaming\VMware
2008-06-25 09:19 --------- d-----w C:\ProgramData\WebEx
2008-06-21 06:03 229,460 ----a-w C:\Users\Dr.Tilak\AppData\Roaming\nvModes.dat
2008-06-19 06:30 724,992 ----a-w C:\Windows\iun6002.exe
2008-06-12 09:05 --------- d-----w C:\Program Files\Yahoo!
2008-06-11 06:22 --------- d-----w C:\Program Files\Windows Mail
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-25 04:43 --------- d-----w C:\Program Files\FPDFC
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:22 129,784 ----a-w C:\Windows\System32\PxAFS.DLL
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-16 10:17 --------- d-----w C:\Program Files\skyscape
2008-05-14 12:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2008-05-13 20:45 258,352 ----a-w C:\Windows\System32\unicows.dll
2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-07 05:33 --------- d-----w C:\Program Files\VMware
2008-05-07 05:33 --------- d-----w C:\Program Files\Common Files\VMware
2008-05-07 05:20 --------- d-----w C:\ProgramData\Bomgar-SCC-482134D6
2008-05-05 07:16 --------- d-----w C:\Program Files\ABC DVD Copy
2008-05-04 14:33 --------- d-----w C:\Program Files\AVS4YOU
2008-05-04 14:08 --------- d-----w C:\ProgramData\AVS4YOU
2008-05-04 14:08 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-28 05:24 --------- d-----w C:\Program Files\Windows Resource Kits
2008-04-28 05:11 0 ----a-w C:\Users\Dr.Tilak\reset.cmd
2008-04-27 13:50 6,139,760 ----a-w C:\Users\Dr.Tilak\WindowsUpdateAgent30-x86.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-04-10 07:41 174 --sha-w C:\Program Files\desktop.ini
2008-04-10 07:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-10 07:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-10 06:52 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-04-10 06:52 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-04-10 06:40 1,263 ----a-w C:\reset.cmd
2007-11-19 04:03 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-19 04:03 32 ----a-w C:\ProgramData\ezsid.dat
2006-04-04 19:39 37,907 ----a-w C:\Windows\inf\iBcT0201.sys
2006-04-04 19:39 36,957 ----a-w C:\Windows\inf\iBurst.sys
2006-03-28 19:25 37,362 ----a-w C:\Windows\inf\iBurstu.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-08-23 09:26 77824]
"PMX Daemon"="ICO.EXE" [2006-11-08 15:01 49152 C:\Windows\System32\ico.exe]
"WavXMgr"="C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-02-15 17:31 66560]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-03-08 16:43 218688]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 13:37 174872]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2004-04-06 17:14 504080]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 09:21 648072]
"tsnp2std"="C:\Windows\tsnp2std.exe" [2006-05-22 10:37 262144]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-05-15 15:52 675840]
"izziReminder"="C:\Program Files\iZZi driver\izziReminder.exe" [2007-06-26 17:11 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-16 20:49 159744]
"SigmatelSysTrayApp"="sttray.exe" [2007-04-17 22:02 303104 C:\Windows\sttray.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]
"Intense Registry Service"="IntEdReg.exe" [2000-08-10 10:32 43008 C:\Windows\System32\intedreg.exe]
"5698e9fa"="C:\Windows\system32\gjpujpbu.dll" [2008-06-29 15:33 81920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2007-12-05 18:30 3900936]
C:\Users\Dr.Tilak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iZZi_UTD_UTU.lnk - C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe [3/29/2006 3:25:00 AM 311296]
Skyscape SmartUpdate.lnk - C:\Program Files\Common Files\Skyscape\SmartUpdate.exe [6/17/2008 5:33:26 AM 12492800]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/23/2007 9:30:33 AM 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [8/23/2007 9:28:49 AM 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CCB7673-04D5-4DE7-916B-384A3642BAF4}"= C:\Windows\system32\ddcDwWpP.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1191999531-3282144155-2898381799-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{43B92740-5F12-4600-B3A1-241C79A4B09C}C:\\program files\\microsoft office communicator\\communicator.exe"= UDP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"UDP Query User{11B44ADC-D3EB-432C-BB28-E2F4291A3A73}C:\\program files\\microsoft office communicator\\communicator.exe"= TCP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"TCP Query User{EC4440AD-8AF4-4280-B88D-02E327D0C14D}C:\\program files\\microsoft office communicator\\communicator.exe"= UDP:C:\program files\microsoft office communicator\communicator.exe:Microsoft Office Communicator 2005
"UDP Query User{0CB8E6EE-BBB8-4B35-8D5A-F7D148F5A9DA}C:\\program files\\microsoft office communicator\\communicator.exe"= TCP:C:\program files\microsoft office communicator\communicator.exe:Microsoft Office Communicator 2005
"TCP Query User{4325FF7A-5CC8-4A8F-A1C0-AA07A4F2E729}C:\\program files\\mobility manager\\mobility manager\\fmm.exe"= UDP:C:\program files\mobility manager\mobility manager\fmm.exe:Mobility Manager
"UDP Query User{B6D8D80D-B1DB-4593-81C7-06AFE905BBB6}C:\\program files\\mobility manager\\mobility manager\\fmm.exe"= TCP:C:\program files\mobility manager\mobility manager\fmm.exe:Mobility Manager
"TCP Query User{78E54C1A-D397-46C6-9EE8-5D728FAB9E53}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AADC4C1B-77B5-465C-96F1-74732556A6AA}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{FBDCC716-5F31-4FEA-AB65-A33C0DE1326A}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DFFAD306-0DA8-497B-B360-4A734F888005}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DBFEFADD-D8D3-49EB-AAB0-B5CF934F538E}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{72BCC1D7-E4AE-45CE-B1BE-DF73787986E7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{B03EBE82-D745-43D2-8ABD-A84B8DDCEBED}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{2F473106-F3F4-473A-827D-AE005561B437}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{AD67437B-755C-498F-83B2-F37503D3A165}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C5161C5C-0DF8-4A45-825D-247211A98492}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A5766B7C-B357-496F-80AC-DE28E1BDE39C}C:\\users\\dr.tilak\\appdata\\local\\temp\\lrefc0c.tmp\\bin\\java.exe"= UDP:C:\users\dr.tilak\appdata\local\temp\lrefc0c.tmp\bin\java.exe:java.exe
"UDP Query User{70C7C649-2AE3-48F3-94C4-64E51984CEAB}C:\\users\\dr.tilak\\appdata\\local\\temp\\lrefc0c.tmp\\bin\\java.exe"= TCP:C:\users\dr.tilak\appdata\local\temp\lrefc0c.tmp\bin\java.exe:java.exe
"TCP Query User{5D2E1BA9-D3AB-4E00-849C-2B2C590B375A}C:\\program files\\sybase\\easerver\\bin\\jagsrv.exe"= UDP:C:\program files\sybase\easerver\bin\jagsrv.exe:Jaguar CTS - Component Transaction Server
"UDP Query User{D23A0A77-47A8-4213-82CA-EBCF398D4974}C:\\program files\\sybase\\easerver\\bin\\jagsrv.exe"= TCP:C:\program files\sybase\easerver\bin\jagsrv.exe:Jaguar CTS - Component Transaction Server
"TCP Query User{5A3EC37B-C0F2-4C64-B9CD-A687FB886A3B}C:\\users\\dr.tilak\\desktop\\ipmsg.exe"= UDP:C:\users\dr.tilak\desktop\ipmsg.exe:ipmsg.exe
"UDP Query User{497AF3F1-CD44-4B8F-A340-0A1AF8847F01}C:\\users\\dr.tilak\\desktop\\ipmsg.exe"= TCP:C:\users\dr.tilak\desktop\ipmsg.exe:ipmsg.exe
"TCP Query User{DD239415-3577-4231-8A37-2C02DC7384FB}C:\\users\\dr.tilak\\desktop\\ipmsg.exe"= UDP:C:\users\dr.tilak\desktop\ipmsg.exe:ipmsg.exe
"UDP Query User{057E0772-7F02-4713-92B3-3119A9F3C9D1}C:\\users\\dr.tilak\\desktop\\ipmsg.exe"= TCP:C:\users\dr.tilak\desktop\ipmsg.exe:ipmsg.exe
"{F043DDB0-2ECC-4603-A380-EB8E20119C5D}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{326A9DE9-4453-4C16-BB6E-EBAF5217752A}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{00E73738-A96F-427A-A706-70AB27EAE130}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{482A303B-BE78-4012-8486-EA052716A7D6}C:\\program files\\ca\\etrust antivirus\\realmon.exe"= UDP:C:\program files\ca\etrust antivirus\realmon.exe:Realmon
"UDP Query User{A0915ED4-C298-4959-ADCF-2B176EA903B3}C:\\program files\\ca\\etrust antivirus\\realmon.exe"= TCP:C:\program files\ca\etrust antivirus\realmon.exe:Realmon
"TCP Query User{C538B7B6-E6A6-4355-8822-A485B976CDCA}C:\\program files\\ca\\etrust antivirus\\shellscn.exe"= UDP:C:\program files\ca\etrust antivirus\shellscn.exe:Shellscn
"UDP Query User{C985F33F-32D2-47BA-AE4D-8875FF05AEA0}C:\\program files\\ca\\etrust antivirus\\shellscn.exe"= TCP:C:\program files\ca\etrust antivirus\shellscn.exe:Shellscn
"{029A19AB-CEC4-4F9F-999C-4B40FE0F4F90}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{6BCA11A3-2172-4BEF-AB1E-61976376003E}I:\\laptop sync\\drive d\\software\\ip messenger\\ipmsg.exe"= UDP:I:\laptop sync\drive d\software\ip messenger\ipmsg.exe:IPMsg English
"UDP Query User{C6868CA0-D6E6-4F59-BA00-BF4AD7F428B8}I:\\laptop sync\\drive d\\software\\ip messenger\\ipmsg.exe"= TCP:I:\laptop sync\drive d\software\ip messenger\ipmsg.exe:IPMsg English
"{F5458C58-A2DE-4967-A9B5-2592587B8565}"= UDP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{02322D46-561C-4B02-8023-B5A75F0CDC12}"= TCP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{2BF900C4-17AB-49A8-B899-9C6E8C28B0D0}"= UDP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{7269B25B-8A6B-4B36-A666-2C7E3FB0ED84}"= TCP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"TCP Query User{FD4AD169-6498-48AA-9FF5-7A01CC1380F6}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{85884310-1236-49A4-93D6-457FBFB3326A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{EB13856C-8485-4ED6-B183-BE32A4A172EA}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{686FCBC4-76BC-445E-92E6-EC8F274D1FD7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{A61821CC-B8F7-4475-B8E2-8A05688EFD43}"= UDP:C:\Users\Dr.Tilak\Desktop\utorrent.exe:µTorrent
"{8EA9EABE-153A-4DCE-A0D4-B7C9FF964A24}"= TCP:C:\Users\Dr.Tilak\Desktop\utorrent.exe:µTorrent
"{4F959B78-7D62-4956-9CF6-B0675FC97FE1}"= UDP:C:\utorrent.exe:µTorrent
"{13783F91-DA01-49B1-8E15-89ADB24EDCCA}"= TCP:C:\utorrent.exe:µTorrent
"{EE63A788-18E9-4BDE-85E7-FDDACA8F7E17}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{902AC5F5-6006-41E5-98E9-D2801E56D24E}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EED19DEE-A37E-4EFE-AC0B-22EA242A7089}C:\\program files\\ca\\etrust antivirus\\inocit.exe"= UDP:C:\program files\ca\etrust antivirus\inocit.exe:InocIT
"UDP Query User{34464EB9-9FB2-4B96-A8E4-A50555DAA5A1}C:\\program files\\ca\\etrust antivirus\\inocit.exe"= TCP:C:\program files\ca\etrust antivirus\inocit.exe:InocIT
"TCP Query User{5B41A558-4089-4ECB-9329-A7FE1924E0A3}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{D2A0D3F1-09AB-48B3-9896-AE1EA48AB5CF}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
R0 PBADRV;PBADRV;C:\Windows\system32\DRIVERS\PBADRV.sys [2006-08-28 15:00]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 BthFilterHelper;Bluetooth Feature Support;"C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe" [2006-11-07 18:26]
R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2004-07-23 17:06]
R2 ufad-p2v;VMware Converter Service;"C:\Program Files\VMware\VMware Converter\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Converter\\" -s ufad-p2v.xml []
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;C:\Program Files\VMware\VMware Converter\vstor2-p2v30.sys [2007-04-19 17:38]
R2 WavxDMgr;WavxDMgr;C:\Windows\system32\DRIVERS\WavxDMgr.sys [2007-02-15 17:31]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-03-19 14:44]
S2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
S2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
S3 BTHFILT;Bluetooth Command Filter;C:\Windows\system32\DRIVERS\BthFilt.sys [2007-05-06 01:51]
S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe" [2005-03-23 15:17]
S3 ft1000;Flarion Flash OFDM wireless service;C:\Windows\system32\DRIVERS\ft1000.sys [2005-11-14 17:54]
S3 iBurstu;iBurst Terminal;C:\Windows\system32\DRIVERS\iBurstu.sys [2006-03-29 03:25]
S3 msloop;Microsoft Loopback Adapter Driver;C:\Windows\system32\DRIVERS\loop.sys [2006-11-02 16:57]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 15:36]
S3 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-02-16 13:07]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-06-07 10:34]
Start Pending2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-03-04 13:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1df635de-664e-11dc-b7f7-001a6b8ad1b3}]
\shell\Auto\command - F:\pagefile.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\pagefile.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28a4a650-076c-11dd-ba1b-ecccb8b46851}]
\shell\Auto\command - F:\MicrosoftPowerPoint.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49ea95f2-eb1f-11dc-8f2c-c97056e35489}]
\shell\Auto\command - pagefile.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{670758cf-1a49-11dd-8508-d5f661c492fe}]
\shell\AutoRun\command - F:\loader.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d47d5204-6991-11dc-b6a3-001c23909133}]
\shell\AutoRun\command - WScript.exe Iexplore.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec087d7b-2c5b-11dd-ad90-942f06cf93f2}]
\shell\AutoRun\command - F:\ie.exe
\shell\explore\Command - F:\ie.exe
\shell\open\Command - F:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3d3a5ac-e5d2-11dc-a9d4-808eb8346552}]
\shell\Auto\command - pagefile.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 05:11:41 C:\Windows\Tasks\User_Feed_Synchronization-{13CB7912-98DC-40A5-9AF3-45BA09B18601}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 03:16:36
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\gjpujpbu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\skyscape\Desktop\smARTalerts\smARTalerts.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\SharedComponents\ScanEngine\Inodist.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\stacsv.exe
C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\System32\vmnat.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\System32\vmnetdhcp.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-06-30 3:20:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 19:20:13
Pre-Run: 991,956,992 bytes free
Post-Run: 1,454,780,416 bytes free
364 --- E O F --- 2008-06-26 02:37:03
I also ran a dss.exe scan, and below are the main.txt and extra.txt.
Deckard's System Scanner v20071014.68
Run by Dr.Tilak on 2008-06-30 03:44:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 1 Restore Point(s) --
1: 2008-06-29 19:25:06 UTC - RP394 - Windows Defender Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 1.65 GiB (less than 15%) free.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-30 03:47:13
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\ico.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\iZZi driver\izziReminder.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe
C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dr.Tilak\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell....s...;l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mysklu-dc01:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [izziReminder] C:\Program Files\iZZi driver\izziReminder.exe /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [5698e9fa] rundll32.exe "C:\Windows\system32\gjpujpbu.dll",b
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Startup: iZZi_UTD_UTU.lnk = C:\Program Files\iZZi driver\iZZi_UTD_UTU\iBurst_Terminal_UTL.exe
O4 - Startup: Skyscape SmartUpdate.lnk = C:\Program Files\Common Files\Skyscape\SmartUpdate.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O15 - Trusted Zone: http://hychoo (HKCU)
O15 - Trusted IP Range: http://192.168.19.56 (HKCU)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\System32\IoctlSvc.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - C:\Program Files\VMware\VMware Converter\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\System32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\System32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe
--
End of file - 11244 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>
R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; Application Driver>
R2 INO_FLTR - \??\c:\windows\system32\drivers\ino_fltr.sys
R2 VMnetBridge (VMware Bridge Protocol) - c:\windows\system32\drivers\vmnetbridge.sys <Not Verified; VMware, Inc.; VMware bridge driver (32-bit)>
R2 VMnetuserif (VMware Network Application Interface) - \??\c:\windows\system32\drivers\vmnetuserif.sys
R2 vmx86 (VMware vmx86) - \??\c:\windows\system32\drivers\vmx86.sys
R2 WavxDMgr - c:\windows\system32\drivers\wavxdmgr.sys <Not Verified; Wave Systems Corp.; Document Manager>
S3 CSRBC (CSRBC.Sys CSR test driver) - c:\windows\system32\drivers\csrbcxp.sys <Not Verified; CSR, plc; CsrUsb Device Driver>
S3 ft1000 (Flarion Flash OFDM wireless service) - c:\windows\system32\drivers\ft1000.sys <Not Verified; Flarion Technologies, Inc.; Windows ® 2000 DDK driver>
S3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BthFilterHelper (Bluetooth Feature Support) - "c:\program files\csr\vista profile pack\bthfilterhelper.exe" <Not Verified; CSR, plc; BthFilter Helper Service>
R2 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 LogWatch (Event Log Watch) - "c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" <Not Verified; Computer Associates; Computer Associates LogWatNT>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 ufad-p2v (VMware Converter Service) - "c:\program files\vmware\vmware converter\vmware-ufad.exe" -d "c:\program files\vmware\vmware converter\\" -s ufad-p2v.xml <Not Verified; VMware, Inc.; VMware Converter>
R2 VMAuthdService (VMware Authorization Service) - "c:\program files\vmware\vmware server\vmware-authd.exe" <Not Verified; VMware, Inc.; VMware Server>
R2 VMnetDHCP (VMware DHCP Service) - c:\windows\system32\vmnetdhcp.exe <Not Verified; VMware, Inc.; VMware Server>
R2 vmserverdWin32 (VMware Registration Service) - c:\program files\vmware\vmware server\vmserverdwin32.exe <Not Verified; VMware, Inc.; VMware Server>
R2 VMware NAT Service - c:\windows\system32\vmnat.exe <Not Verified; VMware, Inc.; VMware Server>
S2 tcsd_win32.exe (NTRU TSS v1.2.1.12 TCS) - "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
S3 CA_LIC_CLNT (CA License Client) - "c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe" <Not Verified; Computer Associates International Inc.; Lic98>
S3 SecureStorageService - "c:\program files\wave systems corp\secure storage manager\securestorageservice.exe" <Not Verified; Wave Systems Corp.; Secure Storage Manager>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-06-29 13:11:41 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{13CB7912-98DC-40A5-9AF3-45BA09B18601}.job
-- Files created between 2008-05-30 and 2008-06-30 -----------------------------
2008-06-30 03:06:12 68096 --a------ C:\Windows\zip.exe
2008-06-30 03:06:12 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-30 03:06:12 98816 --a------ C:\Windows\sed.exe
2008-06-30 03:06:12 80412 --a------ C:\Windows\grep.exe
2008-06-30 03:06:12 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-30 03:06:11 49152 --a------ C:\Windows\VFind.exe
2008-06-30 03:06:11 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-30 03:05:35 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-29 19:42:21 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-29 19:32:09 0 d-------- C:\Users\All Users\Nero
2008-06-29 19:32:09 0 d-------- C:\Program Files\Nero
2008-06-29 19:32:08 0 d-------- C:\Program Files\Common Files\Nero
2008-06-29 15:33:43 81920 --a------ C:\Windows\system32\gjpujpbu.dll
2008-06-26 11:36:59 0 d-------- C:\Program Files\AviSynth 2.5
2008-06-26 11:36:31 0 d-------- C:\Program Files\Avi2Dvd
2008-06-25 15:28:16 0 d-------- C:\Users\All Users\vsosdk
2008-06-24 15:51:08 0 d-------- C:\Program Files\uTorrent
2008-06-24 15:29:29 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-06-24 15:29:29 208935 --a------ C:\Windows\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-06-24 15:29:29 176165 --a------ C:\Windows\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-06-24 15:29:29 65602 --a------ C:\Windows\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-06-24 15:29:28 626688 --a------ C:\Windows\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-06-24 15:29:27 0 d-------- C:\Program Files\VSO
2008-06-24 14:09:43 0 d-------- C:\Program Files\AC3Filter
2008-06-24 14:01:49 0 d-------- C:\Program Files\VistaCodecPack
2008-06-24 14:01:04 0 d-------- C:\Users\All Users\VistaCodecs
2008-06-23 16:46:05 368912 --a------ C:\Windows\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-23 16:46:04 0 d-------- C:\Program Files\EasyDVDConverter
2008-06-23 10:58:22 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-23 10:58:20 0 d-------- C:\Program Files\DivX
2008-06-23 10:27:41 0 d-------- C:\Users\All Users\DFX
2008-06-23 10:27:40 0 d-------- C:\Program Files\Common Files\DFX
2008-06-23 10:19:30 40960 --a------ C:\Windows\system32\MMAVILNG.exe
2008-06-23 10:19:30 0 d-------- C:\Program Files\Morgan
2008-06-20 10:32:02 0 d-------- C:\Users\All Users\Bomgar-SCC-485B16A2
2008-06-17 14:17:00 0 d-------- C:\Users\All Users\Bomgar-SCC-485756DC
2008-06-16 16:05:44 176235 --a------ C:\Windows\system32\Primomonnt.dll
2008-06-16 16:05:42 0 d-------- C:\Windows\PrimoPDF4
2008-06-16 16:05:42 0 d-------- C:\Program Files\activePDF
2008-06-12 21:45:49 0 d-------- C:\Users\All Users\eMule
200
Deckard's System Scanner v20071014.68
Run by Dr.Tilak on 2008-07-01 15:33:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 1.41 GiB (less than 15%) free.
-- HijackThis Clo
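A check a reviewer of logs like the one above would want to run before answering "am I still infected": reading O4 Run entries by hand is error-prone, so the pattern most worth automating is the cross-reference between the autorun list and the "Files created" list. The Python script below is an added example, not part of the original post or of Deckard's System Scanner; it parses HijackThis-style `O4 - ...\..\Run:` lines and the DSS "Files created" lines, and flags an entry for manual review when its value name is a bare hex string, when it runs an image without a path (resolved through the PATH search), when it loads a DLL through rundll32 with a one-character or ordinal export, or when its target file appears in the recently created list. The heuristic names, thresholds and the `Finding` type are this example's own choices, and the sample lines are copied from the log above for illustration; a hit means "verify", not "malware", since OEM software often uses unqualified image names.

```python
"""Triage HijackThis-style O4 Run entries against the DSS 'Files created' list.

Added example (not the poster's or the scanner's code). Heuristics and
names below are this example's own; sample input is copied from the log
above purely as constructed test data.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the posted HijackThis clone section.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [5698e9fa] rundll32.exe "C:\Windows\system32\gjpujpbu.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
""".strip().splitlines()

# Constructed sample: lines copied from the posted 'Files created' section.
SAMPLE_RECENT_LINES = r"""
2008-06-30 03:06:12 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-29 15:33:43 81920 --a------ C:\Windows\system32\gjpujpbu.dll
2008-06-24 15:29:29 217127 --a------ C:\Windows\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-06-29 19:42:21 0 d-------- C:\Program Files\Windows Live Safety Center
""".strip().splitlines()

O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.I)
RECENT_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \S+\s+\d+ \S+ (?P<path>[A-Za-z]:\\[^<]+?)\s*(?:<.*)?$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.I)
# Loaders that legitimately appear without a path (assumption: keep this list short).
PATHLESS_OK = {"rundll32", "rundll32.exe"}


@dataclass
class Finding:
    name: str            # registry value name inside [ ]
    cmd: str             # command string after the value name
    reasons: list = field(default_factory=list)


def parse_recent_files(lines):
    """Return the full paths from DSS 'Files created' lines (lower-cased)."""
    return {m["path"].lower() for m in map(RECENT_RE.match, lines) if m}


def first_token(cmd):
    """Image the Run value launches: quoted path, else first whitespace token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_o4(o4_lines, recent_paths):
    """Return one Finding per O4 Run entry that trips at least one heuristic."""
    findings = []
    for line in o4_lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m["name"], m["cmd"]
        reasons = []
        if HEX_NAME_RE.match(name):
            reasons.append("value name is a bare hex string")
        image = first_token(cmd)
        if "\\" not in image and image.lower() not in PATHLESS_OK:
            reasons.append(f"unqualified image {image!r} is resolved by PATH search")
        target = image
        rd = RUNDLL_RE.match(cmd)
        if rd:
            target, export = rd["dll"], rd["export"]
            if len(export) <= 1 or export.startswith("#"):
                reasons.append(f"rundll32 export {export!r} is a single char or ordinal")
        if target.lower() in recent_paths:
            reasons.append("target is in the recently created files list")
        if reasons:
            findings.append(Finding(name, cmd, reasons))
    return findings


if __name__ == "__main__":
    recent = parse_recent_files(SAMPLE_RECENT_LINES)
    for f in sorted(triage_o4(SAMPLE_O4_LINES, recent), key=lambda f: -len(f.reasons)):
        print(f"[{f.name}] {f.cmd}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the `[5698e9fa]` entry trips three heuristics at once (hex-string value name, single-letter export `b`, and a target DLL that the "Files created" list shows appearing in system32 on 2008-06-29), which is the combination that should go to the top of any manual review; the PATH-resolved entries such as `ICO.EXE` and `IntEdReg.exe` trip one heuristic each and are the kind that an OEM image often explains once the file is located and its signature checked.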