VundoFix V6.2.11
Checking Java version...
Java version is 1.5.0.6
Scan started at 21:44:29 22.11.2006
Listing files found while scanning....
C:\WINDOWS\security\wtca.ini
C:\WINDOWS\security\wtca.bak1
C:\WINDOWS\security\wtca.bak2
C:\WINDOWS\security\wtca.ini2
C:\WINDOWS\security\wtca.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\security\actw.dll
C:\WINDOWS\security\actw.dll Has been deleted!
Attempting to delete C:\WINDOWS\security\wtca.ini
C:\WINDOWS\security\wtca.ini Has been deleted!
Attempting to delete C:\WINDOWS\security\wtca.bak1
C:\WINDOWS\security\wtca.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\security\wtca.bak2
C:\WINDOWS\security\wtca.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\security\wtca.ini2
C:\WINDOWS\security\wtca.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\security\wtca.tmp
C:\WINDOWS\security\wtca.tmp Has been deleted!
Performing Repairs to the registry.
Done!
______________________________________________________________________________________
Laura - 06-11-22 23:23:51,29 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Laura\Työpöytä"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\PrintView
C:\Program Files\Common Files\{3882E355-05BA-1035-1214-010723010166}
C:\Program Files\Common Files\{C882E355-05BA-1035-1214-010723010166}
((((((((((((((((((((((((((((((( Files Created from 2006-10-22 to 2006-11-22 ))))))))))))))))))))))))))))))))))
2006-11-22 21:45 1,492 --a------ C:\WINDOWSvundofix.reg
2006-11-22 21:44 <KANSIO> d-------- C:\VundoFix Backups
2006-11-21 22:15 <KANSIO> d-------- C:\Program Files\MSN Messenger
2006-11-21 20:42 126,996 --a------ C:\WINDOWS\system32\uilewpix.dll
2006-11-21 20:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-21 19:59 <KANSIO> d-------- C:\Program Files\Grisoft
2006-11-21 19:44 126,996 --a------ C:\WINDOWS\system32\lcbmiwoc.dll
2006-11-17 04:05 <KANSIO> d-------- C:\Program Files\MSXML 4.0
2006-11-16 20:26 126,996 --a------ C:\WINDOWS\system32\kjvhbquh.dll
2006-11-16 19:46 <KANSIO> dr-h----- C:\Documents and Settings\Laura\Recent
2006-11-16 05:13 94,208 --a------ C:\WINDOWS\system32\kxlpyje.dll
2006-11-16 05:13 71,680 --a------ C:\WINDOWS\system32\shuzqqc.dll
2006-11-13 19:16 <KANSIO> d-------- C:\Program Files\iTunes
2006-11-13 19:16 <KANSIO> d-------- C:\Program Files\iPod
2006-11-13 18:59 <KANSIO> d-------- C:\Program Files\QuickTime
2006-11-08 23:47 <KANSIO> d-------- C:\Program Files\ToniArts
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 07:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-10-30 22:29 110,612 --a------ C:\WINDOWS\system32\pdyogave.exe
2006-10-26 22:46 <KANSIO> d-------- C:\WINDOWS\WBEM
2006-10-26 22:42 <KANSIO> d-------- C:\Program Files\Lavasoft
2006-10-26 22:42 <KANSIO> d-------- C:\Documents and Settings\Laura\Application Data\Lavasoft
2006-10-26 22:25 <KANSIO> d-------- C:\WINDOWS\network diagnostic
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-22 23:26 -------- d-------- C:\Program Files\Common Files
2006-11-22 22:49 -------- d-------- C:\Documents and Settings\Laura\Application Data\Skype
2006-11-22 21:58 -------- d-------- C:\Program Files\Morpheus
2006-11-21 23:01 -------- d-------- C:\Program Files\WinRAR
2006-11-21 23:00 -------- d-------- C:\Program Files\Windows Defender
2006-11-21 22:55 -------- d-------- C:\Program Files\Internet Explorer
2006-11-21 22:55 -------- d-------- C:\Program Files\Common Files\System
2006-11-15 14:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-06 21:48 -------- d-------- C:\Program Files\Apple Software Update
2006-11-04 11:41 -------- d-------- C:\Documents and Settings\Laura\Application Data\AdobeUM
2006-11-03 20:04 28768 --a------ C:\Documents and Settings\Laura\Application Data\GDIPFONTCACHEV1.DAT
2006-10-30 22:30 -------- d-------- C:\Program Files\TVUPlayer
2006-10-29 14:35 -------- d-------- C:\Documents and Settings\Laura\Application Data\Adobe
2006-10-27 00:02 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-27 00:02 -------- d-------- C:\Program Files\Adobe
2006-10-26 23:34 -------- d-------- C:\Program Files\Google
2006-10-26 23:28 -------- d-------- C:\Program Files\DivX
2006-10-26 20:22 -------- d-------- C:\Program Files\Common Files\EPSON
2006-10-21 22:32 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-21 22:21 -------- d-------- C:\Program Files\BitTorrent
2006-10-21 12:37 -------- d-------- C:\Documents and Settings\Laura\Application Data\SearchToolbarCorp
2006-10-17 12:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-15 20:59 98324 --a------ C:\WINDOWS\system32\tlvivsfo.dll
2006-10-15 20:34 93696 --a------ C:\WINDOWS\system32\eizszhh.dll
2006-10-15 20:34 72192 --a------ C:\WINDOWS\system32\nftpnmh.dll
2006-10-14 14:31 -------- d-------- C:\Documents and Settings\Laura\Application Data\DivX
2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 21:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 21:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-09-25 17:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-09-25 17:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-09-25 17:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-09-25 17:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-09-25 17:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-25 17:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 17:49 617472 --a------ C:\WINDOWS\system32\comctl32.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"DW4"="\"C:\\PROGRA~1\\THEWEA~1\\DESKTO~1\\DESKTO~1.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"snpstd3"="C:\\WINDOWS\\vsnpstd3.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://photos.nsmb.c...ike_231430.jpg"
"SubscribedURL"="http://photos.nsmb.c...ike_231430.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,17,01,00,00,1f,03,00,00,3e,02,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,6e,00,00,00,44,00,00,00,1f,03,00,00,3e,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrnt32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 06-11-22 23:26:33.50
C:\ComboFix.txt ... 06-11-22 23:26
------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:34:42, on 22.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\THEWEA~1\DESKTO~1\DESKTO~1.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Laura\Työpöytä\HJT.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....6...ER}&ar=home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {096DD24E-1FBB-41A1-A6DC-2C74794A24F4} - C:\WINDOWS\security\actw.dll (file missing)
O2 - BHO: (no name) - {43098669-36EE-4542-8410-0A1237092035} - C:\WINDOWS\system32\shuzqqc.dll
O2 - BHO: (no name) - {72AA66B1-4B7F-C7A8-4521-01F02C80352D} - C:\WINDOWS\system32\nftpnmh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\xthqryhf.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DW4] "C:\PROGRA~1\THEWEA~1\DESKTO~1\DESKTO~1.exe"
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: FSMA - Unknown owner - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe