VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
Scan started at 3:29:52 PM 7/11/2007
Listing files found while scanning....
C:\windows\system32\bcyivuhi.dll
C:\windows\system32\csrcdunf.exe
C:\windows\system32\eahcxppr.exe
C:\windows\system32\hevkxnbw.exe
C:\windows\system32\htpohjpy.exe
C:\windows\system32\ihuviycb.ini
C:\windows\system32\itmyibnd.exe
C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.tmp
C:\WINDOWS\system32\mllml.dll
C:\windows\system32\pruunseq.exe
C:\windows\system32\qbfuuvwg.exe
C:\windows\system32\qudnwehr.dll
C:\windows\system32\rhewnduq.ini
C:\WINDOWS\system32\rqroopo.dll
C:\WINDOWS\system32\ryfhaxxw.dll
C:\WINDOWS\system32\tkutwjxm.dll
C:\windows\system32\wxxahfyr.ini
Beginning removal...
Attempting to delete C:\windows\system32\bcyivuhi.dll
C:\windows\system32\bcyivuhi.dll Has been deleted!
Attempting to delete C:\windows\system32\csrcdunf.exe
C:\windows\system32\csrcdunf.exe Has been deleted!
Attempting to delete C:\windows\system32\eahcxppr.exe
C:\windows\system32\eahcxppr.exe Has been deleted!
Attempting to delete C:\windows\system32\hevkxnbw.exe
C:\windows\system32\hevkxnbw.exe Has been deleted!
Attempting to delete C:\windows\system32\htpohjpy.exe
C:\windows\system32\htpohjpy.exe Has been deleted!
Attempting to delete C:\windows\system32\ihuviycb.ini
C:\windows\system32\ihuviycb.ini Has been deleted!
Attempting to delete C:\windows\system32\itmyibnd.exe
C:\windows\system32\itmyibnd.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmllm.tmp
C:\WINDOWS\system32\lmllm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Has been deleted!
Attempting to delete C:\windows\system32\pruunseq.exe
C:\windows\system32\pruunseq.exe Has been deleted!
Attempting to delete C:\windows\system32\qbfuuvwg.exe
C:\windows\system32\qbfuuvwg.exe Has been deleted!
Attempting to delete C:\windows\system32\qudnwehr.dll
C:\windows\system32\qudnwehr.dll Has been deleted!
Attempting to delete C:\windows\system32\rhewnduq.ini
C:\windows\system32\rhewnduq.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqroopo.dll
C:\WINDOWS\system32\rqroopo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ryfhaxxw.dll
C:\WINDOWS\system32\ryfhaxxw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tkutwjxm.dll
C:\WINDOWS\system32\tkutwjxm.dll Has been deleted!
Attempting to delete C:\windows\system32\wxxahfyr.ini
C:\windows\system32\wxxahfyr.ini Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 3:36:27 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Access Remote PC 4\rpcsetup.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\Scanner.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = A;AOL;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ahjodqsg.dll
O2 - BHO: (no name) - {94AE7801-DABF-4CAA-A10B-13C95A707FBD} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{954E0DFF-D888-4317-9065-FD0D52C792BF}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{954E0DFF-D888-4317-9065-FD0D52C792BF}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Access Remote PC Service 4.5 (RpcSvr4x) - Access Remote PC (http://www.access-remote-pc.com) - C:\Program Files\Access Remote PC 4\rpcsetup.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)