I scanned using Hijack This, Vundo Fix, Combo Fix and SmitFraud Fix... Here are the logs...

--------------------------------------------------------------------
VundoFix
-----------------------------------------------------------------

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 5:45:21 AM 8/9/2007

Listing files found while scanning....

C:\WINDOWS\nnqtut.ini
C:\windows\system32\opnnlki.dll
C:\WINDOWS\System32\tmp4.tmp.dll
C:\WINDOWS\tutqnn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\nnqtut.ini
C:\WINDOWS\nnqtut.ini Has been deleted!

Attempting to delete C:\windows\system32\opnnlki.dll
C:\windows\system32\opnnlki.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\tmp4.tmp.dll
C:\WINDOWS\System32\tmp4.tmp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\tutqnn.dll
C:\WINDOWS\tutqnn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\opnnlki.dll
C:\windows\system32\opnnlki.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\tmp4.tmp.dll
C:\WINDOWS\System32\tmp4.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...
-------------------------------------------------------------
ComboFix
-------------------------------------------------------------

ComboFix 07-08-04.3 - "roldan" 2007-08-09 6:03:49.1 [GMT 8:00] - FAT32
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.True

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\3456346345643.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Microsoft\20509.dat
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp15.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp2.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp3.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp4.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp66.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp67.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp68.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp8.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp9.tmp.exe
C:\DOCUME~1\ROLDAN~1.ROL\STARTM~1\Programs.\Brave-Sentry
C:\DOCUME~1\ROLDAN~1.ROL\STARTM~1\Programs.\Brave-Sentry\Uninstall.lnk
C:\Documents and Settings\All Users.WINDOWS.\documents\settings
C:\Documents and Settings\All Users.WINDOWS.\documents\settings\bot.dll
C:\Documents and Settings\All Users.WINDOWS.\documents\settings\desktop.ini
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\retadpu27.exe
C:\WINDOWS\system32\1_exception.nls
C:\WINDOWS\system32\8161868341.dll
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\gmc.exe.exe
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\mem950.dll
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\spoolsvv.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\tmp68.tmp.dll
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\zikocc.dll
C:\WINDOWS\wpcjmd.log
C:\WINDOWS\wr.txt
C:\WINDOWS\xhelper.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_ASC3550U
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\asc3550u
-------\DomainService
-------\nm
-------\runtime

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

2007-08-09 06:02 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 05:45 <DIR> d-------- C:\VundoFix Backups
2007-08-09 05:45 <DIR> d-------- C:\reports
2007-08-09 05:44 888,569 C:\SmitfraudFix.exe
2007-08-09 05:44 3,890 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-09 05:41 <DIR> d-------- C:\hjt
2007-08-08 19:21 <DIR> d--hs---- C:\FOUND.038
2007-08-08 08:14 <DIR> d--hs---- C:\FOUND.037
2007-08-07 19:25 76,325 --a------ C:\WINDOWS\swfdeftr.exe
2007-08-07 19:25 72,731 --a------ C:\WINDOWS\jugjuygbt.exe
2007-08-07 19:25 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Yahoo!
2007-08-07 19:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
2007-08-07 19:21 <DIR> d--hs---- C:\FOUND.036
2007-08-07 12:06 69,690 -ra------ C:\WINDOWS\system32\VTuninst.exe
2007-08-07 12:06 458,752 -ra------ C:\WINDOWS\system32\VTDisply.dll
2007-08-07 12:06 348,160 -ra------ C:\WINDOWS\system32\VTovrlay.dll
2007-08-07 12:06 348,160 -ra------ C:\WINDOWS\system32\VTGamma2.dll
2007-08-07 12:06 229,376 -ra------ C:\WINDOWS\system32\VTInfo2.dll
2007-08-07 12:06 134,144 -ra------ C:\WINDOWS\system32\drivers\vtmini.sys
2007-08-07 12:06 1,951,488 -ra------ C:\WINDOWS\system32\vtdisp.dll
2007-08-07 12:06 1,703,936 -ra------ C:\WINDOWS\system32\vticd.dll
2007-08-07 12:05 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-08-06 22:10 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-08-06 22:09 <DIR> d--hs---- C:\FOUND.035
2007-08-06 22:05 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-06 16:00 74,307 --a------ C:\WINDOWS\ugfvrer.exe
2007-08-06 16:00 73,560 --a------ C:\WINDOWS\feddweer.exe
2007-08-06 08:53 <DIR> d--hs---- C:\FOUND.034
2007-08-06 06:32 50,690 --a------ C:\WINDOWS\tahtyemkme.exe
2007-08-05 11:59 18 --a------ C:\WINDOWS\system32\dncc15ec31.dat
2007-08-05 08:56 13,380 --------- C:\WINDOWS\system32\opnnlki.dll
2007-08-04 10:53 72,429 --a------ C:\WINDOWS\ythgtfer.exe
2007-08-03 09:27 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Ulead Systems
2007-08-03 09:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ulead Systems
2007-08-03 09:26 <DIR> d-------- C:\WINDOWS\Noslip
2007-08-03 09:26 <DIR> d-------- C:\Program Files\Ulead Systems
2007-08-03 09:00 <DIR> d-------- C:\Program Files\Active GIF Creator 3.0
2007-08-03 07:59 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-08-03 07:59 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-08-03 07:59 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-03 07:59 13,824 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-03 07:51 <DIR> d-------- C:\Temp
2007-08-03 07:46 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
2007-08-03 07:46 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
2007-08-01 18:15 <DIR> d-------- C:\Program Files\Shuangs WAV to MP3 Converter
2007-08-01 16:56 96,352 -ra------ C:\WINDOWS\system32\drivers\k310mdm.sys
2007-08-01 16:56 9,264 -ra------ C:\WINDOWS\system32\drivers\k310mdfl.sys
2007-08-01 16:56 87,824 -ra------ C:\WINDOWS\system32\drivers\k310mgmt.sys
2007-08-01 16:56 85,696 -ra------ C:\WINDOWS\system32\drivers\k310obex.sys
2007-08-01 16:56 60,800 -ra------ C:\WINDOWS\system32\drivers\k310bus.sys
2007-08-01 16:56 6,208 -ra------ C:\WINDOWS\system32\drivers\k310cmnt.sys
2007-08-01 16:56 6,208 -ra------ C:\WINDOWS\system32\drivers\k310cm.sys
2007-08-01 16:56 5,840 -ra------ C:\WINDOWS\system32\drivers\k310whnt.sys
2007-08-01 16:56 5,840 -ra------ C:\WINDOWS\system32\drivers\k310wh.sys
2007-08-01 16:53 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Teleca
2007-08-01 16:50 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-01 16:49 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-08-01 16:48 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-08-01 16:48 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-08-01 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Teleca
2007-08-01 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Ericsson
2007-08-01 12:02 75,014 --a------ C:\WINDOWS\sdafrgr.exe
2007-08-01 12:02 70,049 --a------ C:\WINDOWS\hfewtyre.exe
2007-08-01 05:44 48,423 --a------ C:\WINDOWS\hntrguytr.exe
2007-08-01 05:44 47,140 --a------ C:\WINDOWS\esagtrhtr.exe
2007-07-31 20:00 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-07-31 05:31 84,992 --a------ C:\WINDOWS\WebAssist.dll
2007-07-31 05:31 76,593 --a------ C:\WINDOWS\ewfrthhyt.exe
2007-07-31 05:31 69,381 --a------ C:\WINDOWS\yefwergfth.exe
2007-07-30 08:23 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\InstallShield
2007-07-29 20:33 <DIR> d--hs---- C:\FOUND.033
2007-07-27 06:02 <DIR> d--hs---- C:\FOUND.032
2007-07-27 05:57 <DIR> d--hs---- C:\FOUND.031
2007-07-27 05:28 <DIR> d--hs---- C:\FOUND.030
2007-07-26 17:22 <DIR> d--hs---- C:\FOUND.029
2007-07-25 13:51 <DIR> d--hs---- C:\FOUND.028
2007-07-25 12:14 47,140 --a------ C:\WINDOWS\hythjuyre.exe
2007-07-25 12:14 46,559 --a------ C:\WINDOWS\gvrtrrr.exe
2007-07-25 12:14 <DIR> d--hs---- C:\FOUND.027
2007-07-25 07:07 69,826 --a------ C:\WINDOWS\egfrtgtrg.exe
2007-07-25 05:02 <DIR> d--hs---- C:\FOUND.026
2007-07-24 22:01 52,866 --a------ C:\WINDOWS\tfertewd.exe
2007-07-23 19:59 71,824 --a------ C:\WINDOWS\tyewefrfe.exe
2007-07-23 19:59 71,584 --a------ C:\WINDOWS\dgtrdfe.exe
2007-07-22 23:28 <DIR> d-------- C:\Program Files\MathType
2007-07-22 23:28 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Design Science
2007-07-22 16:33 <DIR> d--hs---- C:\FOUND.025
2007-07-22 11:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sandlot Games
2007-07-22 11:29 <DIR> d-------- C:\Program Files\RA Tradewinds Legends v1.0 T.D.H.Legend
2007-07-22 09:56 365,568 --a------ C:\WINDOWS\system32\measintf.dll
2007-07-22 09:55 <DIR> d-------- C:\Program Files\DesignSoft
2007-07-22 05:17 54,415 --a------ C:\WINDOWS\grture.exe
2007-07-20 16:31 71,134 --a------ C:\WINDOWS\egtefertgfe.exe
2007-07-20 16:28 <DIR> d--hs---- C:\FOUND.024
2007-07-20 09:22 48,502 --a------ C:\WINDOWS\yhreegtretrg.exe
2007-07-20 09:19 <DIR> d--hs---- C:\FOUND.023
2007-07-19 07:46 75,053 --a------ C:\WINDOWS\sfgefge.exe
2007-07-19 07:43 <DIR> d--hs---- C:\FOUND.022
2007-07-18 17:17 <DIR> d--hs---- C:\FOUND.021
2007-07-18 09:18 <DIR> d--hs---- C:\FOUND.020

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 06:09 430592 --a------ C:\WINDOWS\system32\winlogon.exe
2007-08-06 06:39 21672 --a------ C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-26 17:20 430592 --a------ C:\WINDOWS\system32\dllcache\winlogon.exe
2007-07-08 10:49 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Media Player Classic
2007-07-08 10:46 --------- d-------- C:\Program Files\MpcStar
2007-07-08 07:16 --------- d-------- C:\Program Files\GameTop.com
2007-07-08 06:14 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\flightgear.org
2007-07-08 06:12 --------- d-------- C:\Program Files\FlightGear
2007-07-06 08:45 --------- d-------- C:\Program Files\Chikka Messenger
2007-07-05 07:38 --------- d-------- C:\Program Files\Cucusoft
2007-07-03 11:26 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\DivX
2007-07-03 11:25 --------- d-------- C:\Program Files\DivX
2007-07-02 16:23 4608 --a------ C:\syseotc.exe
2007-07-02 13:18 --------- d-------- C:\Program Files\Ubi Soft
2007-07-02 13:09 0 --a------ C:\WINDOWS\PowerReg.dat
2007-07-02 13:06 --------- d-------- C:\Program Files\Liquid Entertainment
2007-07-02 10:21 --------- d-------- C:\Program Files\PhoTags Express
2007-07-02 10:14 --------- d-------- C:\Program Files\Avanquest update
2007-07-02 10:13 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-07-02 10:13 --------- d-------- C:\Program Files\Motorola Phone Tools
2007-06-30 12:35 22592 --a------ C:\WINDOWS\system32\Ft7a25tP.exe
2007-06-30 06:25 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-06-28 09:32 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\SmartDraw
2007-06-28 09:00 --------- d-------- C:\Program Files\SmartDraw 2007
2007-06-27 20:33 --------- d-------- C:\Program Files\Furl Toolbar
2007-06-27 05:43 --------- d-------- C:\Program Files\Watanabe-Production and TYPE-MOON
2007-06-27 05:12 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\WinRAR
2007-06-26 18:00 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Google
2007-06-26 16:01 --------- d-------- C:\Program Files\Google
2007-06-25 20:40 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2001-08-23 04:00:00 69,381 --sh--r C:\WINDOWS\system32\memexecu.exe
2001-08-23 04:00:00 71,584 --sh--r C:\WINDOWS\system32\kbldoc.exe
2001-08-23 04:00:00 76,325 --sh--r C:\WINDOWS\system32\cncersh.exe
2001-08-23 04:00:00 50,737 --sh--r C:\WINDOWS\system32\conxgupg.exe
2001-08-23 04:00:00 47,339 --sh--r C:\WINDOWS\system32\advtykem.exe
2001-08-23 04:00:00 71,824 --sh--r C:\WINDOWS\system32\sewsol.exe
2001-08-23 04:00:00 56,780 --sh--r C:\WINDOWS\system32\capnygwe.exe
2001-08-23 04:00:00 75,053 --sh--r C:\WINDOWS\system32\ldcdx.exe
2001-08-23 04:00:00 74,385 --sh--r C:\WINDOWS\system32\mfsysnv.exe
2001-08-23 04:00:00 71,134 --sh--r C:\WINDOWS\system32\assched.exe
2001-08-23 04:00:00 76,593 --sh--r C:\WINDOWS\system32\njcswq.exe
2001-08-23 04:00:00 70,049 --sh--r C:\WINDOWS\system32\himsyseg.exe
2001-08-23 04:00:00 74,307 --sh--r C:\WINDOWS\system32\zewlsm.exe
2001-08-23 04:00:00 75,014 --sh--r C:\WINDOWS\system32\luidms.exe
2001-08-23 04:00:00 72,731 --sh--r C:\WINDOWS\system32\nbkdms.exe
2001-08-23 04:00:00 89,203 --sh--r C:\WINDOWS\system32\clizzxjk.exe
2001-08-23 04:00:00 73,560 --sh--r C:\WINDOWS\system32\depwmce.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-07-31 05:31 84992 --a------ C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-01-15 20:33 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 16:31 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"klibinst"="C:\WINDOWS\System32\kbldoc.exe" [2001-08-23 12:00]
"intscve"="C:\WINDOWS\System32\conxgupg.exe" [2001-08-23 12:00]
"fwddls"="C:\WINDOWS\System32\advtykem.exe" [2001-08-23 12:00]
"solmreg"="C:\WINDOWS\System32\sewsol.exe" [2001-08-23 12:00]
"mplaut"="C:\WINDOWS\System32\ldcdx.exe" [2001-08-23 12:00]
"lsitdm"="C:\WINDOWS\System32\mfsysnv.exe" [2001-08-23 12:00]
"xpsysmt"="C:\WINDOWS\System32\capnygwe.exe" [2001-08-23 12:00]
"winsaavc"="C:\WINDOWS\System32\assched.exe" [2001-08-23 12:00]
"memchds"="C:\WINDOWS\System32\memexecu.exe" [2001-08-23 12:00]
"grepwbh"="C:\WINDOWS\System32\njcswq.exe" [2001-08-23 12:00]
"rmctrs"="C:\WINDOWS\System32\luidms.exe" [2001-08-23 12:00]
"bscfreg"="C:\WINDOWS\System32\himsyseg.exe" [2001-08-23 12:00]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"bcrlt"="C:\WINDOWS\System32\zewlsm.exe" [2001-08-23 12:00]
"dsiknd"="C:\WINDOWS\System32\nbkdms.exe" [2001-08-23 12:00]
"mvcexs"="clizzxjk.exe" [2001-08-23 12:00 C:\WINDOWS\system32\clizzxjk.exe]
"opdbcs"="C:\WINDOWS\System32\depwmce.exe" [2001-08-23 12:00]
"certds"="C:\WINDOWS\System32\cncersh.exe" [2001-08-23 12:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 14:04]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17]
"ChikkaDefault"="C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe" [2006-11-13 10:55]
"klibinst"="C:\WINDOWS\System32\kbldoc.exe" [2001-08-23 12:00]
"intscve"="C:\WINDOWS\System32\conxgupg.exe" [2001-08-23 12:00]
"fwddls"="C:\WINDOWS\System32\advtykem.exe" [2001-08-23 12:00]
"solmreg"="C:\WINDOWS\System32\sewsol.exe" [2001-08-23 12:00]
"mplaut"="C:\WINDOWS\System32\ldcdx.exe" [2001-08-23 12:00]
"lsitdm"="C:\WINDOWS\System32\mfsysnv.exe" [2001-08-23 12:00]
"xpsysmt"="C:\WINDOWS\System32\capnygwe.exe" [2001-08-23 12:00]
"winsaavc"="C:\WINDOWS\System32\assched.exe" [2001-08-23 12:00]
"memchds"="C:\WINDOWS\System32\memexecu.exe" [2001-08-23 12:00]
"grepwbh"="C:\WINDOWS\System32\njcswq.exe" [2001-08-23 12:00]
"rmctrs"="C:\WINDOWS\System32\luidms.exe" [2001-08-23 12:00]
"bscfreg"="C:\WINDOWS\System32\himsyseg.exe" [2001-08-23 12:00]
"bcrlt"="C:\WINDOWS\System32\zewlsm.exe" [2001-08-23 12:00]
"dsiknd"="C:\WINDOWS\System32\nbkdms.exe" [2001-08-23 12:00]
"mvcexs"="clizzxjk.exe" [2001-08-23 12:00 C:\WINDOWS\system32\clizzxjk.exe]
"opdbcs"="C:\WINDOWS\System32\depwmce.exe" [2001-08-23 12:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 18:48]
"certds"="C:\WINDOWS\System32\cncersh.exe" [2001-08-23 12:00]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-07-02 10:21:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\opnnlki.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\codecs]
ipszioog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]
C:\WINDOWS\System32\vedxg6ame4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsHive]
C:\WINDOWS\System32\rpcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT

Contents of the 'Scheduled Tasks' folder
2007-08-08 21:55:28 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2007-08-07 16:00:32 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-07-23 17:00:32 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-06-30 04:37:04 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-06-30 19:01:06 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-07-15 20:00:58 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-02 21:01:36 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 22:01:28 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-07 23:01:42 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 00:00:32 C:\WINDOWS\Tasks\At9.job
2007-08-08 01:01:38 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 02:00:32 C:\WINDOWS\Tasks\At11.job
2007-08-08 03:00:32 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 04:00:32 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 05:00:32 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 06:01:38 C:\WINDOWS\Tasks\At15.job
2007-08-08 07:00:34 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 08:00:34 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 09:00:36 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-03 10:00:32 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 11:01:36 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 12:01:28 C:\WINDOWS\Tasks\At21.job
2007-08-07 13:00:32 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-08 14:01:42 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\Ft7a25tP.exe
2007-08-07 15:00:32 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\Ft7a25tP.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 06:09:23
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
C:\WINDOWS\system32\vdo_33cc-1cbe.sys 163840 bytes
C:\WINDOWS\system32\vdo_ade-158a.sys 163840 bytes
C:\WINDOWS\system32\vdo_g.ini 16384 bytes

scan completed successfully
hidden files: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vdo_ade-158a]
"ImagePath"="\??\C:\WINDOWS\System32\vdo_ade-158a.sys"

Completion time: 2007-08-09 6:10:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 06:10
--- E O F ---

--------------------------------------------------------
Hijack This
--------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:38 AM, on 8/9/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\kbldoc.exe
C:\WINDOWS\System32\conxgupg.exe
C:\WINDOWS\System32\advtykem.exe
C:\WINDOWS\System32\sewsol.exe
C:\WINDOWS\System32\ldcdx.exe
C:\WINDOWS\System32\mfsysnv.exe
C:\WINDOWS\System32\capnygwe.exe
C:\WINDOWS\System32\assched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\clizzxjk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\internet explorer\iexplore.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.ph/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: XBTB05988 - {5C43B8A2-24E8-4336-B86E-A94558E10C60} - C:\PROGRA~1\FURLTO~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe
O4 - HKLM\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe
O4 - HKLM\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe
O4 - HKLM\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe
O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe
O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe
O4 - HKLM\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe
O4 - HKLM\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe
O4 - HKLM\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe
O4 - HKLM\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe
O4 - HKLM\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe
O4 - HKLM\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe
O4 - HKLM\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe
O4 - HKLM\..\Run: [mvcexs] clizzxjk.exe
O4 - HKLM\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe
O4 - HKLM\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
O4 - HKCU\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe
O4 - HKCU\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe
O4 - HKCU\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe
O4 - HKCU\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe
O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe
O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe
O4 - HKCU\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe
O4 - HKCU\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe
O4 - HKCU\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe
O4 - HKCU\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe
O4 - HKCU\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe
O4 - HKCU\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe
O4 - HKCU\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe
O4 - HKCU\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe
O4 - HKCU\..\Run: [mvcexs] clizzxjk.exe
O4 - HKCU\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [mvcexs] clizzxjk.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe (User '?')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{638971BE-EAC9-4B72-9E67-341FCBBCA61F}: NameServer = 195.94.88.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
O20 - AppInit_DLLs: c:\windows\system32\opnnlki.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 11142 bytes

--------------------------------------------------------------
SmitFraudFix
--------------------------------------------------------------

SmitFraudFix v2.210

Scan done at 5:44:23.41, Thu 08/09/2007
Run from C:\Documents and Settings\roldan.ROLDAN-V62Q5PKY\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job FOUND !
C:\WINDOWS\Tasks\At??.job FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\roldan.ROLDAN-V62Q5PKY

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\roldan.ROLDAN-V62Q5PKY\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROLDAN~1.ROL\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\opnnlki.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

------------------------------------------------------
------------------------------------------------------
------------------------------------------------------

Could anyone tell me if I'm virus free? Or am I still infected? And if I am, I need help in removing it... Thanks
Looking over your log, it seems you don't have any evidence of a third-party firewall. As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

=========

Looking over your log, it seems you don't have any evidence of anti-virus software. Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

=========

You are currently using an unpatched version of Microsoft XP. It is CRITICAL that you update to Service Pack 1. Please visit this link: Microsoft Service Pack 1 and install Service Pack 1. If you run into troubles, please post them here.

IMPORTANT: DO NOT update to Service Pack 2. Doing so before your computer is clean can cause Windows to become unstable. We will update to SP2 when you are clean.

Please post back with a HJT log and your computer running with Service Pack 1, or with any problems you are having updating.
Sorry for the delayed reply... it seems that we are on opposite time zones... anyways... here's the log...

----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:23 AM, on 8/10/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\conxgupg.exe
C:\WINDOWS\System32\advtykem.exe
C:\WINDOWS\System32\capnygwe.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.ph/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: XBTB05988 - {5C43B8A2-24E8-4336-B86E-A94558E10C60} - C:\PROGRA~1\FURLTO~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c5b217b5-0140-4ff3-a331-47528cbb6e0b} - C:\WINDOWS\system32\appgnt.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\tmp4.tmp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe
O4 - HKLM\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe
O4 - HKLM\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe
O4 - HKLM\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe
O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe
O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe
O4 - HKLM\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe
O4 - HKLM\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe
O4 - HKLM\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe
O4 - HKLM\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe
O4 - HKLM\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe
O4 - HKLM\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe
O4 - HKLM\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe
O4 - HKLM\..\Run: [mvcexs] clizzxjk.exe
O4 - HKLM\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe
O4 - HKLM\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe
O4 - HKLM\..\Run: [jsispsl] C:\WINDOWS\System32\jdnems.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\jkkifd.dll",forkonce
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
O4 - HKCU\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe
O4 - HKCU\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe
O4 - HKCU\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe
O4 - HKCU\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe
O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe
O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe
O4 - HKCU\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe
O4 - HKCU\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe
O4 - HKCU\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe
O4 - HKCU\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe
O4 - HKCU\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe
O4 - HKCU\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe
O4 - HKCU\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe
O4 - HKCU\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe
O4 - HKCU\..\Run: [mvcexs] clizzxjk.exe
O4 - HKCU\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe
O4 - HKCU\..\Run: [jsispsl] C:\WINDOWS\System32\jdnems.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [mvcexs] clizzxjk.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe (User '?')
O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [jsispsl] C:\WINDOWS\System32\jdnems.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{638971BE-EAC9-4B72-9E67-341FCBBCA61F}: NameServer = 195.94.88.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
O20 - AppInit_DLLs: c:\windows\system32\opnnlki.dll
O20 - Winlogon Notify: appgnt - C:\WINDOWS\SYSTEM32\appgnt.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 12435 bytes

------------------------------------

Thanks for the reply... ok... so, I tried to install the service pack, but unfortunately, it seems that this copy of Windows is illegit... but on the other hand... I had installed the antivirus and firewall.... what now?