Logfile of HijackThis v1.99.1
Scan saved at 6:32:23 AM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HDebo\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\Program Files\Sunbelt Software\iHateSpam\ihsMain.exe
C:\Program Files\Sunbelt Software\iHateSpam\ihsSpamFilterEngine.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HJT\analyse.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F-Secure Online Scanner 3.1.5 - Scanning Report - Saturday, June 23, 2007 06:30:28
Scanning Report
Friday, June 22, 2007 23:02:54 - 06:30:28
Computer name: DESKTOP
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\ G:\
Result: 11 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
Trojan-Downloader.Win32.VB.aya (virus)
C:\SDFix\backups_old2\backups.zip\backups\poolsv.exe
WebHancer (spyware)
System (Disinfected)
Statistics
Scanned:
Files: 190841
System: 4403
Not scanned: 63
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
None: 11
Submitted: 2
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\RECYCLER\NPROTECT\00362657
C:\PROGRAM FILES\HJT\BACKUPS\BACKUP-20070622-034422-295.DLL
C:\DOCUMENTS AND SETTINGS\HDEBO\DESKTOP\NEW FOLDER
(3)\WINPFIND3U\MOVEDFILES\PROGRAM FILES\ONLINE SERVICES\SADEMOWU43855.DLL
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchYexe.zip\sbRecovery.ini
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\GJeans.zip\Unist1.htm
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled2.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled3.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled4.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled5.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled6.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled7.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC.zip\kybrdff_7.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC1.zip\dfndrff_7.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudCCoreService.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudCCoreService1.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudCCoreService2.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudCToolbar.zip\removalfile.bat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudCToolbar1.zip\removalfile.bat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudCToolbar2.zip\sbRecovery.reg
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search &
Destroy\Rec
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-06-21
F-Secure AVP: 7.0.171, 2007-06-22
F-Secure Orion: 1.2.37, 2007-06-22
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0260-23-12
F-Secure Pegasus: 1.19.0, 2007-05-19
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT
MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB
RAR BZ2 HQX
Scan inside archives
Use Advanced heuristics
VundoFix V4.2.73
Checking Java version...
Java version is 1.4.2.4
Java version is 1.5.0.2
Java version is 1.5.0.9
Scan started at 6:53:46 PM 5/10/2007
Listing files found while scanning....
No infected files were found.
VundoFix V4.2.73
Checking Java version...
Java version is 1.4.2.4
Java version is 1.5.0.2
Java version is 1.5.0.9
Scan started at 7:24:43 PM 5/15/2007
Listing files found while scanning....
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.tmp
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\ututv.tmp
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\vtutu.dll
Attempting to delete C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ututv.tmp
C:\WINDOWS\system32\ututv.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\ututv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V4.2.73
Checking Java version...
Java version is 1.4.2.4
Java version is 1.5.0.2
Java version is 1.5.0.9
Scan started at 7:29:02 PM 5/15/2007
Listing files found while scanning....
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\vtutu.dll
Attempting to delete C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V4.2.73
Checking Java version...
Java version is 1.4.2.4
Java version is 1.5.0.2
Java version is 1.5.0.9
Scan started at 7:32:29 PM 5/15/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.23
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 7:25:19 PM 5/16/2007
Listing files found while scanning....
c:\windows\servicepackfiles\i386\odbctask.dll
C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\ilkkj.tmp
C:\WINDOWS\system32\jkkli.dll
Beginning removal...
Attempting to delete c:\windows\servicepackfiles\i386\odbctask.dll
c:\windows\servicepackfiles\i386\odbctask.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\ilkkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ilkkj.tmp
C:\WINDOWS\system32\ilkkj.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete c:\windows\servicepackfiles\i386\odbctask.dll
c:\windows\servicepackfiles\i386\odbctask.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.23
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 7:40:05 PM 5/16/2007
Listing files found while scanning....
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ddaya.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\ddaya.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.23
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 7:53:55 PM 5/16/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.23
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 5:13:38 PM 6/1/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.23
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 7:34:23 PM 6/8/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.23
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 1:01:08 PM 6/10/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.23
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 7:26:22 AM 6/13/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.0
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 8:33:22 PM 6/13/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.0
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 1:03:07 AM 6/17/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.0
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 1:54:07 AM 6/18/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.5.0
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 6:33:44 PM 6/20/2007
Listing files found while scanning....
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\jkkjh.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hjkkj.tmp
C:\WINDOWS\system32\hjkkj.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.1
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 1:14:24 AM 6/21/2007
Listing files found while scanning....
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\ddabc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\ddabc.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.1
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 1:37:40 PM 6/21/2007
Listing files found while scanning....
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.bak2
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\vturp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\prutv.bak2
C:\WINDOWS\system32\prutv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturp.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturp.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.1
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 03:50:23 2007-06-22
Listing files found while scanning....
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mmllm.tmp
C:\WINDOWS\system32\mmllm.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.1
Checking Java version...
Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 10:53:12 PM 6/22/2007
Listing files found while scanning....
No infected files were found.