Help me please

  1. 24-05-2007  #1
    Troubledcomputer
    Troubledcomputer is offline Newbie

    Help me please

    I downloaded and scanned my computer it found trojan vundo and trojan horse generic 4.plh and trojan horse generic 4. jow....They are in my avg vault. However I also bought aware and it did its job or so I thought.. I also downloaded the removal for vundo which then it told me I didn't have it on my computer but at the same time the scans are still finding it?

    Here is my vundo fix file
    ymantec Trojan.Vundo Removal Tool 1.5.0

    C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\?\SharingMetadata\?\DFSR\ Staging\CS{0C9CE5BF-254F-5AC1-D2D5-6FBA6D92D5F3}\01\10-{0C9CE5BF-254F-5AC1-D2D5-6FBA6D92D5F3}-v1-{D6AA783D-8677-4C9C-8BCB-63CE9054C9D4}-v10-Downloaded.frx (WARNING: not scanned, path to long)
    C:\System Volume Information: (not scanned)
    D:\System Volume Information: (not scanned)
    Trojan.Vundo has not been found on your computer.

    And here is hijackthis file

    Logfile of HijackThis v1.99.1
    Scan saved at 11:32:32 AM, on 24/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\sdtrayapp.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?766be992193d4697805b9095bf58c3b9
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?766be992193d4697805b9095bf58c3b9
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1169333341062
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WON...herControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

    Please help me
  2. 25-05-2007  #2
    Neal
    Neal is offline Dedicated Member
    Welcome




    1. Download this file - COMBOFIX
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Post a new hijackthis log also please.
  3. 25-05-2007  #3
    Troubledcomputer
    Troubledcomputer is offline Newbie
    New hijack file

    Logfile of HijackThis v1.99.1
    Scan saved at 3:25:00 PM, on 25/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\sdtrayapp.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?766be992193d4697805b9095bf58c3b9
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?766be992193d4697805b9095bf58c3b9
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1169333341062
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.sierra.com/cab/WON...herControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe



    Combofix file


    "admin" - 2007-05-25 15:18:15 Service Pack 2
    ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\admin\Desktop\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))


    2007-05-24 11:28 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-05-24 11:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-05-24 11:28 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-05-24 11:28 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-05-24 11:28 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-05-24 11:28 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-05-24 11:28 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-05-24 11:28 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\PC Tools
    2007-05-24 11:00 <DIR> d-------- C:\Program Files\NoAdware5.0
    2007-05-23 14:59 <DIR> d-------- C:\Program Files\Lavasoft
    2007-05-23 14:59 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\Lavasoft
    2007-05-23 14:31 <DIR> d-------- C:\Program Files\ErrorKiller
    2007-05-23 14:31 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\ErrorKiller
    2007-05-23 14:17 <DIR> d-------- C:\Program Files\AdwareAlert
    2007-05-23 14:17 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\AdwareAlert
    2007-05-23 14:08 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-05-23 13:52 <DIR> d-------- C:\Program Files\Nanny Mania
    2007-05-20 20:03 <DIR> d-------- C:\Program Files\Fairy Godmother Tycoon
    2007-05-20 19:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\96-05-46-2p-3p-r9
    2007-05-20 17:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\4p-r9-67-55-p3-26
    2007-05-18 16:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
    2007-05-18 16:16 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\GameHouse
    2007-05-15 18:30 <DIR> d-------- C:\WINDOWS\Profiles
    2007-05-15 18:29 <DIR> d-------- C:\Program Files\WON
    2007-05-09 14:35 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-05-09 14:31 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-05-09 14:30 <DIR> d-------- C:\Program Files\bfgclient
    2007-05-09 14:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    2007-05-08 10:08 <DIR> d-------- C:\Program Files\QuickTime
    2007-04-29 19:06 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\Magic Match
    2007-04-29 19:04 <DIR> d-------- C:\Program Files\MumboJumbo
    2007-04-26 21:54 <DIR> d-------- C:\Program Files\Grimm`s Hatchery


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

    2007-05-24 16:05:22 -------- d-----w C:\Program Files\Tiger Gaming
    2007-05-24 04:00:57 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\PlayFirst
    2007-05-23 02:15:00 -------- d-----w C:\Program Files\GameHouse
    2007-05-03 19:54:40 -------- d-----w C:\Program Files\FinePixViewer
    2007-04-20 03:01:25 -------- d-----w C:\Program Files\Nancy Drew - Danger on Deception Island
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 18:08:01 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\FloodLightGames
    2007-04-17 18:06:28 -------- d-----w C:\Program Files\Agatha Christie - Death on the Nile
    2007-04-17 04:00:49 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\Aim
    2007-04-17 04:00:24 -------- d-----w C:\Program Files\AIM
    2007-04-01 22:31:31 -------- d-----w C:\Program Files\Carrie the Caregiver
    2007-03-29 03:02:36 -------- d-----w C:\Program Files\MSN Messenger
    2007-03-27 04:13:23 -------- d--h--r C:\DOCUME~1\admin\APPLIC~1\yahoo!
    2007-03-21 22:13:17 -------- d-----w C:\Program Files\Virtual Villagers - The Lost Children
    2007-03-21 15:07:13 -------- d-----w C:\Program Files\IncrediMail
    2007-03-21 14:58:57 -------- d-----w C:\Program Files\Google
    2007-03-21 14:57:42 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\MSNInstaller
    2007-03-18 14:45:40 -------- d-----w C:\DOCUME~1\admin\APPLIC~1\InterVideo
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-15 17:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
    2007-03-15 17:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
    2007-03-12 14:39:00 -------- d-----w C:\Program Files\Yahoo!
    2007-03-09 19:59:00 -------- d-----w C:\Program Files\BFG
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 23:38]
    {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 08:20]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 16:22]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 13:29]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-11 00:26]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56]
    "RTHDCPL"="RTHDCPL.EXE" []
    "Alcmtr"="ALCMTR.EXE" []
    "AGRSMMSG"="AGRSMMSG.exe" []
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 08:20]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 19:13]
    "Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 15:11]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 16:47]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 14:37]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 03:02]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 23:17]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 23:13]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 23:17]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [2007-04-20 11:51]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 16:03]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-08 10:08]
    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-05-10 13:16]
    "errorkiller"="C:\Program Files\errorkiller\errorkiller.exe" [2007-03-30 16:56]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-17 12:02]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 03:32]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-03-20 18:36]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" [2007-02-26 20:00]
    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-05-10 13:16]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\sdcoreservice]

    *Newly Created Service* -IKFILEFLT
    *Newly Created Service* -IKFILESEC
    *Newly Created Service* -IKSYSFLT
    *Newly Created Service* -IKSYSSEC
    *Newly Created Service* -MCHINJDRV
    *Newly Created Service* -PROCEXP90
    *Newly Created Service* -SDAUXSERVICE
    *Newly Created Service* -SDCORESERVICE

    Contents of the 'Scheduled Tasks' folder
    2007-05-24 04:05:51 C:\WINDOWS\tasks\AdwareAlert Scheduled Scan.job
    2007-05-24 04:05:52 C:\WINDOWS\tasks\ErrorKiller Scheduled Scan.job

    ************************************************** ******************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-25 15:20:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ************************************************** ******************

    Completion time: 2007-05-25 1505

    --- E O F ---
  4. 25-05-2007  #4
    Neal
    Neal is offline Dedicated Member
    Your computer appears to be clean of Vundo Trojan, combofix is also a good finder and killer of the vundo trojan.

    How is it behaving?
  5. 26-05-2007  #5
    Troubledcomputer
    Troubledcomputer is offline Newbie
    It seems a bit slow... AVG detected the vundo and put it in quarantine. Another program still found it. But i've done searches with avg since and it doesn't detect anything. I tell yah computers are sure strange. Is there a way to protect computer besides avg so I don't get this again?
    Thank you so much for your help
  6. 26-05-2007  #6
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    Try this:


    To clean your temp folder, recycle bin, etc..please download this free tool:

    CCleaner

    Don't install any Toolbars, or other programs, should it ask you!Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.

    Uncheck cookies

    Before first use:
    Select Options then Advanced.
    UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.


    Then Reboot (Exit)

    Better?
+ Reply to Thread
« HJT Log- Divine Zeal | *HJT logs* »