Can anyone tell me if my PC is virus free?? NEED HELP

Discussion in 'Windows - Virus and spyware problems' started by asteg123, Aug 8, 2007.

  1. asteg123

    I scanned using Hijack This, Vundo Fix, Combo Fix and SmitFraud Fix...

    Here are the logs...

    --------------------------------------------------------------------
    VundoFix
    -----------------------------------------------------------------

    VundoFix V6.5.7

    Checking Java version...

    Java version is 1.5.0.8
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 5:45:21 AM 8/9/2007

    Listing files found while scanning....

    C:\WINDOWS\nnqtut.ini
    C:\windows\system32\opnnlki.dll
    C:\WINDOWS\System32\tmp4.tmp.dll
    C:\WINDOWS\tutqnn.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\nnqtut.ini
    C:\WINDOWS\nnqtut.ini Has been deleted!

    Attempting to delete C:\windows\system32\opnnlki.dll
    C:\windows\system32\opnnlki.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\tmp4.tmp.dll
    C:\WINDOWS\System32\tmp4.tmp.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\tutqnn.dll
    C:\WINDOWS\tutqnn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\windows\system32\opnnlki.dll
    C:\windows\system32\opnnlki.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\tmp4.tmp.dll
    C:\WINDOWS\System32\tmp4.tmp.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    -------------------------------------------------------------
    ComboFix
    -------------------------------------------------------------

    ComboFix 07-08-04.3 - "roldan" 2007-08-09 6:03:49.1 [GMT 8:00] - FAT32
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.True


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\3456346345643.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Microsoft\20509.dat
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp15.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp2.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp3.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp4.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp66.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp67.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp68.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp8.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\tmp9.tmp.exe
    C:\DOCUME~1\ROLDAN~1.ROL\STARTM~1\Programs.\Brave-Sentry
    C:\DOCUME~1\ROLDAN~1.ROL\STARTM~1\Programs.\Brave-Sentry\Uninstall.lnk
    C:\Documents and Settings\All Users.WINDOWS.\documents\settings
    C:\Documents and Settings\All Users.WINDOWS.\documents\settings\bot.dll
    C:\Documents and Settings\All Users.WINDOWS.\documents\settings\desktop.ini
    C:\Program Files\winpop
    C:\Program Files\winpop\UnInstall.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\retadpu27.exe
    C:\WINDOWS\system32\1_exception.nls
    C:\WINDOWS\system32\8161868341.dll
    C:\WINDOWS\system32\dllh8jkd1q2.exe
    C:\WINDOWS\system32\dllh8jkd1q5.exe
    C:\WINDOWS\system32\dllh8jkd1q6.exe
    C:\WINDOWS\system32\dllh8jkd1q7.exe
    C:\WINDOWS\system32\dllh8jkd1q8.exe
    C:\WINDOWS\system32\drivers\runtime2.sys
    C:\WINDOWS\system32\drivers\secdrv.sys
    C:\WINDOWS\system32\gmc.exe.exe
    C:\WINDOWS\system32\kernelwind32.exe
    C:\WINDOWS\system32\mem950.dll
    C:\WINDOWS\system32\qwerty12.exe
    C:\WINDOWS\system32\spoolsvv.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\tmp68.tmp.dll
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\zikocc.dll
    C:\WINDOWS\wpcjmd.log
    C:\WINDOWS\wr.txt
    C:\WINDOWS\xhelper.dll


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_ASC3550U
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_RUNTIME
    -------\LEGACY_RUNTIME2
    -------\asc3550u
    -------\DomainService
    -------\nm
    -------\runtime


    ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


    2007-08-09 06:02 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-09 05:45 <DIR> d-------- C:\VundoFix Backups
    2007-08-09 05:45 <DIR> d-------- C:\reports
    2007-08-09 05:44 888,569 C:\SmitfraudFix.exe
    2007-08-09 05:44 3,890 --a------ C:\WINDOWS\system32\tmp.reg
    2007-08-09 05:41 <DIR> d-------- C:\hjt
    2007-08-08 19:21 <DIR> d--hs---- C:\FOUND.038
    2007-08-08 08:14 <DIR> d--hs---- C:\FOUND.037
    2007-08-07 19:25 76,325 --a------ C:\WINDOWS\swfdeftr.exe
    2007-08-07 19:25 72,731 --a------ C:\WINDOWS\jugjuygbt.exe
    2007-08-07 19:25 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Yahoo!
    2007-08-07 19:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
    2007-08-07 19:21 <DIR> d--hs---- C:\FOUND.036
    2007-08-07 12:06 69,690 -ra------ C:\WINDOWS\system32\VTuninst.exe
    2007-08-07 12:06 458,752 -ra------ C:\WINDOWS\system32\VTDisply.dll
    2007-08-07 12:06 348,160 -ra------ C:\WINDOWS\system32\VTovrlay.dll
    2007-08-07 12:06 348,160 -ra------ C:\WINDOWS\system32\VTGamma2.dll
    2007-08-07 12:06 229,376 -ra------ C:\WINDOWS\system32\VTInfo2.dll
    2007-08-07 12:06 134,144 -ra------ C:\WINDOWS\system32\drivers\vtmini.sys
    2007-08-07 12:06 1,951,488 -ra------ C:\WINDOWS\system32\vtdisp.dll
    2007-08-07 12:06 1,703,936 -ra------ C:\WINDOWS\system32\vticd.dll
    2007-08-07 12:05 <DIR> d-------- C:\WINDOWS\system32\Tools
    2007-08-06 22:10 <DIR> d-------- C:\Program Files\DAEMON Tools
    2007-08-06 22:09 <DIR> d--hs---- C:\FOUND.035
    2007-08-06 22:05 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-08-06 16:00 74,307 --a------ C:\WINDOWS\ugfvrer.exe
    2007-08-06 16:00 73,560 --a------ C:\WINDOWS\feddweer.exe
    2007-08-06 08:53 <DIR> d--hs---- C:\FOUND.034
    2007-08-06 06:32 50,690 --a------ C:\WINDOWS\tahtyemkme.exe
    2007-08-05 11:59 18 --a------ C:\WINDOWS\system32\dncc15ec31.dat
    2007-08-05 08:56 13,380 --------- C:\WINDOWS\system32\opnnlki.dll
    2007-08-04 10:53 72,429 --a------ C:\WINDOWS\ythgtfer.exe
    2007-08-03 09:27 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Ulead Systems
    2007-08-03 09:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ulead Systems
    2007-08-03 09:26 <DIR> d-------- C:\WINDOWS\Noslip
    2007-08-03 09:26 <DIR> d-------- C:\Program Files\Ulead Systems
    2007-08-03 09:00 <DIR> d-------- C:\Program Files\Active GIF Creator 3.0
    2007-08-03 07:59 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-08-03 07:59 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-08-03 07:59 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-08-03 07:59 13,824 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-08-03 07:51 <DIR> d-------- C:\Temp
    2007-08-03 07:46 <DIR> d-------- C:\Program Files\DVDVIDEOSOFT
    2007-08-03 07:46 <DIR> d-------- C:\Program Files\Common Files\DVDVIDEOSOFT
    2007-08-01 18:15 <DIR> d-------- C:\Program Files\Shuangs WAV to MP3 Converter
    2007-08-01 16:56 96,352 -ra------ C:\WINDOWS\system32\drivers\k310mdm.sys
    2007-08-01 16:56 9,264 -ra------ C:\WINDOWS\system32\drivers\k310mdfl.sys
    2007-08-01 16:56 87,824 -ra------ C:\WINDOWS\system32\drivers\k310mgmt.sys
    2007-08-01 16:56 85,696 -ra------ C:\WINDOWS\system32\drivers\k310obex.sys
    2007-08-01 16:56 60,800 -ra------ C:\WINDOWS\system32\drivers\k310bus.sys
    2007-08-01 16:56 6,208 -ra------ C:\WINDOWS\system32\drivers\k310cmnt.sys
    2007-08-01 16:56 6,208 -ra------ C:\WINDOWS\system32\drivers\k310cm.sys
    2007-08-01 16:56 5,840 -ra------ C:\WINDOWS\system32\drivers\k310whnt.sys
    2007-08-01 16:56 5,840 -ra------ C:\WINDOWS\system32\drivers\k310wh.sys
    2007-08-01 16:53 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Teleca
    2007-08-01 16:50 <DIR> d-------- C:\WINDOWS\LastGood
    2007-08-01 16:49 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
    2007-08-01 16:48 <DIR> d-------- C:\Program Files\Sony Ericsson
    2007-08-01 16:48 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
    2007-08-01 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Teleca
    2007-08-01 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Ericsson
    2007-08-01 12:02 75,014 --a------ C:\WINDOWS\sdafrgr.exe
    2007-08-01 12:02 70,049 --a------ C:\WINDOWS\hfewtyre.exe
    2007-08-01 05:44 48,423 --a------ C:\WINDOWS\hntrguytr.exe
    2007-08-01 05:44 47,140 --a------ C:\WINDOWS\esagtrhtr.exe
    2007-07-31 20:00 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-31 05:31 84,992 --a------ C:\WINDOWS\WebAssist.dll
    2007-07-31 05:31 76,593 --a------ C:\WINDOWS\ewfrthhyt.exe
    2007-07-31 05:31 69,381 --a------ C:\WINDOWS\yefwergfth.exe
    2007-07-30 08:23 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\InstallShield
    2007-07-29 20:33 <DIR> d--hs---- C:\FOUND.033
    2007-07-27 06:02 <DIR> d--hs---- C:\FOUND.032
    2007-07-27 05:57 <DIR> d--hs---- C:\FOUND.031
    2007-07-27 05:28 <DIR> d--hs---- C:\FOUND.030
    2007-07-26 17:22 <DIR> d--hs---- C:\FOUND.029
    2007-07-25 13:51 <DIR> d--hs---- C:\FOUND.028
    2007-07-25 12:14 47,140 --a------ C:\WINDOWS\hythjuyre.exe
    2007-07-25 12:14 46,559 --a------ C:\WINDOWS\gvrtrrr.exe
    2007-07-25 12:14 <DIR> d--hs---- C:\FOUND.027
    2007-07-25 07:07 69,826 --a------ C:\WINDOWS\egfrtgtrg.exe
    2007-07-25 05:02 <DIR> d--hs---- C:\FOUND.026
    2007-07-24 22:01 52,866 --a------ C:\WINDOWS\tfertewd.exe
    2007-07-23 19:59 71,824 --a------ C:\WINDOWS\tyewefrfe.exe
    2007-07-23 19:59 71,584 --a------ C:\WINDOWS\dgtrdfe.exe
    2007-07-22 23:28 <DIR> d-------- C:\Program Files\MathType
    2007-07-22 23:28 <DIR> d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Design Science
    2007-07-22 16:33 <DIR> d--hs---- C:\FOUND.025
    2007-07-22 11:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sandlot Games
    2007-07-22 11:29 <DIR> d-------- C:\Program Files\RA Tradewinds Legends v1.0 T.D.H.Legend
    2007-07-22 09:56 365,568 --a------ C:\WINDOWS\system32\measintf.dll
    2007-07-22 09:55 <DIR> d-------- C:\Program Files\DesignSoft
    2007-07-22 05:17 54,415 --a------ C:\WINDOWS\grture.exe
    2007-07-20 16:31 71,134 --a------ C:\WINDOWS\egtefertgfe.exe
    2007-07-20 16:28 <DIR> d--hs---- C:\FOUND.024
    2007-07-20 09:22 48,502 --a------ C:\WINDOWS\yhreegtretrg.exe
    2007-07-20 09:19 <DIR> d--hs---- C:\FOUND.023
    2007-07-19 07:46 75,053 --a------ C:\WINDOWS\sfgefge.exe
    2007-07-19 07:43 <DIR> d--hs---- C:\FOUND.022
    2007-07-18 17:17 <DIR> d--hs---- C:\FOUND.021
    2007-07-18 09:18 <DIR> d--hs---- C:\FOUND.020


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-09 06:09 430592 --a------ C:\WINDOWS\system32\winlogon.exe
    2007-08-06 06:39 21672 --a------ C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-07-26 17:20 430592 --a------ C:\WINDOWS\system32\dllcache\winlogon.exe
    2007-07-08 10:49 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Media Player Classic
    2007-07-08 10:46 --------- d-------- C:\Program Files\MpcStar
    2007-07-08 07:16 --------- d-------- C:\Program Files\GameTop.com
    2007-07-08 06:14 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\flightgear.org
    2007-07-08 06:12 --------- d-------- C:\Program Files\FlightGear
    2007-07-06 08:45 --------- d-------- C:\Program Files\Chikka Messenger
    2007-07-05 07:38 --------- d-------- C:\Program Files\Cucusoft
    2007-07-03 11:26 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\DivX
    2007-07-03 11:25 --------- d-------- C:\Program Files\DivX
    2007-07-02 16:23 4608 --a------ C:\syseotc.exe
    2007-07-02 13:18 --------- d-------- C:\Program Files\Ubi Soft
    2007-07-02 13:09 0 --a------ C:\WINDOWS\PowerReg.dat
    2007-07-02 13:06 --------- d-------- C:\Program Files\Liquid Entertainment
    2007-07-02 10:21 --------- d-------- C:\Program Files\PhoTags Express
    2007-07-02 10:14 --------- d-------- C:\Program Files\Avanquest update
    2007-07-02 10:13 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
    2007-07-02 10:13 --------- d-------- C:\Program Files\Motorola Phone Tools
    2007-06-30 12:35 22592 --a------ C:\WINDOWS\system32\Ft7a25tP.exe
    2007-06-30 06:25 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2007-06-28 09:32 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\SmartDraw
    2007-06-28 09:00 --------- d-------- C:\Program Files\SmartDraw 2007
    2007-06-27 20:33 --------- d-------- C:\Program Files\Furl Toolbar
    2007-06-27 05:43 --------- d-------- C:\Program Files\Watanabe-Production and TYPE-MOON
    2007-06-27 05:12 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\WinRAR
    2007-06-26 18:00 --------- d-------- C:\DOCUME~1\ROLDAN~1.ROL\APPLIC~1\Google
    2007-06-26 16:01 --------- d-------- C:\Program Files\Google
    2007-06-25 20:40 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2001-08-23 04:00:00 69,381 --sh--r C:\WINDOWS\system32\memexecu.exe
    2001-08-23 04:00:00 71,584 --sh--r C:\WINDOWS\system32\kbldoc.exe
    2001-08-23 04:00:00 76,325 --sh--r C:\WINDOWS\system32\cncersh.exe
    2001-08-23 04:00:00 50,737 --sh--r C:\WINDOWS\system32\conxgupg.exe
    2001-08-23 04:00:00 47,339 --sh--r C:\WINDOWS\system32\advtykem.exe
    2001-08-23 04:00:00 71,824 --sh--r C:\WINDOWS\system32\sewsol.exe
    2001-08-23 04:00:00 56,780 --sh--r C:\WINDOWS\system32\capnygwe.exe
    2001-08-23 04:00:00 75,053 --sh--r C:\WINDOWS\system32\ldcdx.exe
    2001-08-23 04:00:00 74,385 --sh--r C:\WINDOWS\system32\mfsysnv.exe
    2001-08-23 04:00:00 71,134 --sh--r C:\WINDOWS\system32\assched.exe
    2001-08-23 04:00:00 76,593 --sh--r C:\WINDOWS\system32\njcswq.exe
    2001-08-23 04:00:00 70,049 --sh--r C:\WINDOWS\system32\himsyseg.exe
    2001-08-23 04:00:00 74,307 --sh--r C:\WINDOWS\system32\zewlsm.exe
    2001-08-23 04:00:00 75,014 --sh--r C:\WINDOWS\system32\luidms.exe
    2001-08-23 04:00:00 72,731 --sh--r C:\WINDOWS\system32\nbkdms.exe
    2001-08-23 04:00:00 89,203 --sh--r C:\WINDOWS\system32\clizzxjk.exe
    2001-08-23 04:00:00 73,560 --sh--r C:\WINDOWS\system32\depwmce.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
    2007-07-31 05:31 84992 --a------ C:\WINDOWS\WebAssist.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2004-01-15 20:33 C:\WINDOWS\system32\VTTimer.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 16:31 C:\WINDOWS\SOUNDMAN.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "klibinst"="C:\WINDOWS\System32\kbldoc.exe" [2001-08-23 12:00]
    "intscve"="C:\WINDOWS\System32\conxgupg.exe" [2001-08-23 12:00]
    "fwddls"="C:\WINDOWS\System32\advtykem.exe" [2001-08-23 12:00]
    "solmreg"="C:\WINDOWS\System32\sewsol.exe" [2001-08-23 12:00]
    "mplaut"="C:\WINDOWS\System32\ldcdx.exe" [2001-08-23 12:00]
    "lsitdm"="C:\WINDOWS\System32\mfsysnv.exe" [2001-08-23 12:00]
    "xpsysmt"="C:\WINDOWS\System32\capnygwe.exe" [2001-08-23 12:00]
    "winsaavc"="C:\WINDOWS\System32\assched.exe" [2001-08-23 12:00]
    "memchds"="C:\WINDOWS\System32\memexecu.exe" [2001-08-23 12:00]
    "grepwbh"="C:\WINDOWS\System32\njcswq.exe" [2001-08-23 12:00]
    "rmctrs"="C:\WINDOWS\System32\luidms.exe" [2001-08-23 12:00]
    "bscfreg"="C:\WINDOWS\System32\himsyseg.exe" [2001-08-23 12:00]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
    "bcrlt"="C:\WINDOWS\System32\zewlsm.exe" [2001-08-23 12:00]
    "dsiknd"="C:\WINDOWS\System32\nbkdms.exe" [2001-08-23 12:00]
    "mvcexs"="clizzxjk.exe" [2001-08-23 12:00 C:\WINDOWS\system32\clizzxjk.exe]
    "opdbcs"="C:\WINDOWS\System32\depwmce.exe" [2001-08-23 12:00]
    "certds"="C:\WINDOWS\System32\cncersh.exe" [2001-08-23 12:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 14:04]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17]
    "ChikkaDefault"="C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe" [2006-11-13 10:55]
    "klibinst"="C:\WINDOWS\System32\kbldoc.exe" [2001-08-23 12:00]
    "intscve"="C:\WINDOWS\System32\conxgupg.exe" [2001-08-23 12:00]
    "fwddls"="C:\WINDOWS\System32\advtykem.exe" [2001-08-23 12:00]
    "solmreg"="C:\WINDOWS\System32\sewsol.exe" [2001-08-23 12:00]
    "mplaut"="C:\WINDOWS\System32\ldcdx.exe" [2001-08-23 12:00]
    "lsitdm"="C:\WINDOWS\System32\mfsysnv.exe" [2001-08-23 12:00]
    "xpsysmt"="C:\WINDOWS\System32\capnygwe.exe" [2001-08-23 12:00]
    "winsaavc"="C:\WINDOWS\System32\assched.exe" [2001-08-23 12:00]
    "memchds"="C:\WINDOWS\System32\memexecu.exe" [2001-08-23 12:00]
    "grepwbh"="C:\WINDOWS\System32\njcswq.exe" [2001-08-23 12:00]
    "rmctrs"="C:\WINDOWS\System32\luidms.exe" [2001-08-23 12:00]
    "bscfreg"="C:\WINDOWS\System32\himsyseg.exe" [2001-08-23 12:00]
    "bcrlt"="C:\WINDOWS\System32\zewlsm.exe" [2001-08-23 12:00]
    "dsiknd"="C:\WINDOWS\System32\nbkdms.exe" [2001-08-23 12:00]
    "mvcexs"="clizzxjk.exe" [2001-08-23 12:00 C:\WINDOWS\system32\clizzxjk.exe]
    "opdbcs"="C:\WINDOWS\System32\depwmce.exe" [2001-08-23 12:00]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 18:48]
    "certds"="C:\WINDOWS\System32\cncersh.exe" [2001-08-23 12:00]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    Photags AutoDetect.lnk - C:\Program Files\PhoTags Express\Photags AutoDetect.exe [2007-07-02 10:21:40]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\opnnlki.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\codecs]
    ipszioog.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]
    C:\WINDOWS\System32\vedxg6ame4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsHive]
    C:\WINDOWS\System32\rpcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
    C:\Program Files\WinPop\winpop.exe


    *Newly Created Service* - ALG
    *Newly Created Service* - IPNAT

    Contents of the 'Scheduled Tasks' folder
    2007-08-08 21:55:28 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
    2007-08-07 16:00:32 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-07-23 17:00:32 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-06-30 04:37:04 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-06-30 19:01:06 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-07-15 20:00:58 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-02 21:01:36 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 22:01:28 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-07 23:01:42 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 00:00:32 C:\WINDOWS\Tasks\At9.job
    2007-08-08 01:01:38 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 02:00:32 C:\WINDOWS\Tasks\At11.job
    2007-08-08 03:00:32 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 04:00:32 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 05:00:32 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 06:01:38 C:\WINDOWS\Tasks\At15.job
    2007-08-08 07:00:34 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 08:00:34 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 09:00:36 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-03 10:00:32 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 11:01:36 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 12:01:28 C:\WINDOWS\Tasks\At21.job
    2007-08-07 13:00:32 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-08 14:01:42 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\Ft7a25tP.exe
    2007-08-07 15:00:32 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\Ft7a25tP.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-09 06:09:23
    Windows 5.1.2600 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32vdo_33cc-1cbe.sys 163840 bytes
    C:\WINDOWS\system32vdo_ade-158a.sys 163840 bytes
    C:\WINDOWS\system32vdo_g.ini 16384 bytes

    scan completed successfully
    hidden files: 3

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vdo_ade-158a]
    "ImagePath"="\??\C:\WINDOWS\System32\vdo_ade-158a.sys"

    Completion time: 2007-08-09 6:10:37 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-09 06:10

    --- E O F ---

    --------------------------------------------------------
    Hijack This
    --------------------------------------------------------


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:13:38 AM, on 8/9/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\System32\kbldoc.exe
    C:\WINDOWS\System32\conxgupg.exe
    C:\WINDOWS\System32\advtykem.exe
    C:\WINDOWS\System32\sewsol.exe
    C:\WINDOWS\System32\ldcdx.exe
    C:\WINDOWS\System32\mfsysnv.exe
    C:\WINDOWS\System32\capnygwe.exe
    C:\WINDOWS\System32\assched.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\System32\clizzxjk.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PhoTags Express\Photags AutoDetect.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.ph/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: XBTB05988 - {5C43B8A2-24E8-4336-B86E-A94558E10C60} - C:\PROGRA~1\FURLTO~1\toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe
    O4 - HKLM\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe
    O4 - HKLM\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe
    O4 - HKLM\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe
    O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe
    O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe
    O4 - HKLM\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe
    O4 - HKLM\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe
    O4 - HKLM\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe
    O4 - HKLM\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe
    O4 - HKLM\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe
    O4 - HKLM\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe
    O4 - HKLM\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe
    O4 - HKLM\..\Run: [mvcexs] clizzxjk.exe
    O4 - HKLM\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe
    O4 - HKLM\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
    O4 - HKCU\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe
    O4 - HKCU\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe
    O4 - HKCU\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe
    O4 - HKCU\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe
    O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe
    O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe
    O4 - HKCU\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe
    O4 - HKCU\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe
    O4 - HKCU\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe
    O4 - HKCU\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe
    O4 - HKCU\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe
    O4 - HKCU\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe
    O4 - HKCU\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe
    O4 - HKCU\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe
    O4 - HKCU\..\Run: [mvcexs] clizzxjk.exe
    O4 - HKCU\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [mvcexs] clizzxjk.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe (User '?')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
    O17 - HKLM\System\CCS\Services\Tcpip\..\{638971BE-EAC9-4B72-9E67-341FCBBCA61F}: NameServer = 195.94.88.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
    O20 - AppInit_DLLs: c:\windows\system32\opnnlki.dll
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 11142 bytes

    --------------------------------------------------------------
    SmitFraudFix
    --------------------------------------------------------------

    SmitFraudFix v2.210

    Scan done at 5:44:23.41, Thu 08/09/2007
    Run from C:\Documents and Settings\roldan.ROLDAN-V62Q5PKY\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\Tasks\At?.job FOUND !
    C:\WINDOWS\Tasks\At??.job FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\roldan.ROLDAN-V62Q5PKY


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\roldan.ROLDAN-V62Q5PKY\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROLDAN~1.ROL\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="c:\\windows\\system32\\opnnlki.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    ------------------------------------------------------
    ------------------------------------------------------
    ------------------------------------------------------

    Could anyone tell me if I'm virus free?? Or am I still infected?

    And if I am, I need help in removing it... Thanks
     
  2. Auttaja

    Auttaja Guest

    Looking over your log, it seems you don't have any evidence of a third party firewall.

    As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

    1) ZoneAlarm
    2) Agnitum
    3) Sunbelt/Kerio
    4) Comodo

    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

    =========


    Looking over your log, it seems you don't have any evidence of any anti-virus software.

    Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

    1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
    2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
    3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

    =========


    You are currently using an unpatched version of Microsoft XP. It is CRITICAL that you update to Service Pack 1.
    Please visit this link:
    Microsoft Service Pack 1

    and install Service Pack 1. If you run into troubles, please post them here.

    IMPORTANT: DO NOT update to Service Pack 2. Doing so before your computer is clean can cause Windows to become unstable.
    We will update to SP2 when you are clean.



    Please post back with a HJT log and your computer running with Service Pack 1, or with any problems you are having updating.

     
  3. asteg123

    asteg123 Member

    sorry for the delayed reply... it seems that we are on opposite time zones...

    anyways... here's the log...


    ----------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:25:23 AM, on 8/10/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\System32\conxgupg.exe
    C:\WINDOWS\System32\advtykem.exe
    C:\WINDOWS\System32\capnygwe.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\PhoTags Express\Photags AutoDetect.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.ph/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: XBTB05988 - {5C43B8A2-24E8-4336-B86E-A94558E10C60} - C:\PROGRA~1\FURLTO~1\toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {c5b217b5-0140-4ff3-a331-47528cbb6e0b} - C:\WINDOWS\system32\appgnt.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\tmp4.tmp.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe
    O4 - HKLM\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe
    O4 - HKLM\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe
    O4 - HKLM\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe
    O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe
    O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe
    O4 - HKLM\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe
    O4 - HKLM\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe
    O4 - HKLM\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe
    O4 - HKLM\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe
    O4 - HKLM\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe
    O4 - HKLM\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe
    O4 - HKLM\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe
    O4 - HKLM\..\Run: [mvcexs] clizzxjk.exe
    O4 - HKLM\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe
    O4 - HKLM\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe
    O4 - HKLM\..\Run: [jsispsl] C:\WINDOWS\System32\jdnems.exe
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\jkkifd.dll",forkonce
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe
    O4 - HKCU\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe
    O4 - HKCU\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe
    O4 - HKCU\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe
    O4 - HKCU\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe
    O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe
    O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe
    O4 - HKCU\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe
    O4 - HKCU\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe
    O4 - HKCU\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe
    O4 - HKCU\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe
    O4 - HKCU\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe
    O4 - HKCU\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe
    O4 - HKCU\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe
    O4 - HKCU\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe
    O4 - HKCU\..\Run: [mvcexs] clizzxjk.exe
    O4 - HKCU\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe
    O4 - HKCU\..\Run: [jsispsl] C:\WINDOWS\System32\jdnems.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [ChikkaDefault] C:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\ChikkaLauncher.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [klibinst] C:\WINDOWS\System32\kbldoc.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [intscve] C:\WINDOWS\System32\conxgupg.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [fwddls] C:\WINDOWS\System32\advtykem.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [solmreg] C:\WINDOWS\System32\sewsol.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [mplaut] C:\WINDOWS\System32\ldcdx.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [lsitdm] C:\WINDOWS\System32\mfsysnv.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [xpsysmt] C:\WINDOWS\System32\capnygwe.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [winsaavc] C:\WINDOWS\System32\assched.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [memchds] C:\WINDOWS\System32\memexecu.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [grepwbh] C:\WINDOWS\System32\njcswq.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [rmctrs] C:\WINDOWS\System32\luidms.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [bscfreg] C:\WINDOWS\System32\himsyseg.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [bcrlt] C:\WINDOWS\System32\zewlsm.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [dsiknd] C:\WINDOWS\System32\nbkdms.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [mvcexs] clizzxjk.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [opdbcs] C:\WINDOWS\System32\depwmce.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [certds] C:\WINDOWS\System32\cncersh.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-706699826-1343024091-1003\..\Run: [jsispsl] C:\WINDOWS\System32\jdnems.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
    O17 - HKLM\System\CCS\Services\Tcpip\..\{638971BE-EAC9-4B72-9E67-341FCBBCA61F}: NameServer = 195.94.88.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{49EB31D0-BB2A-495A-AB16-F3744DDB5FAF}: NameServer = 195.94.88.254
    O20 - AppInit_DLLs: c:\windows\system32\opnnlki.dll
    O20 - Winlogon Notify: appgnt - C:\WINDOWS\SYSTEM32\appgnt.dll
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

    --
    End of file - 12435 bytes

    ------------------------------------


    thanks for the reply...


    ok... so, I tried to install the service pack, but unfortunately, it seems that this copy of Windows is illegit... but on the other hand... I had installed the antivirus and firewall....

    what now?
     
  4. Auttaja

    Auttaja Guest

    Sorry.. I can't help if your copy is illegal.
     
